PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
Just curious if anyone actually checks to make sure a form was posted from the page(s) you were expecting it to be posted from when processing form data?
For example, someone could view the source of your page with the form on it and manipulate the form tags to send unexpected data to the page that processes your form.
I first started doing this about a year ago after reading an article about people setting their own price for products by editing hidden variables that contained the product price for a PayPal add to shopping cart button.
That's not very sucure though since you can edit the header with some browsers although there aren't any secure way. I just use regular expression and REFERER