can i guarantee a 'HTTP_REFERER' ?

Dave2000
Forum Contributor
Posts: 126
Joined: Wed Jun 21, 2006 1:48 pm

can i guarantee a 'HTTP_REFERER' ?

Post by Dave2000 »

$_SERVER['HTTP_REFERER']

Can I guarantee that a page will have a referrer? I know there are some circumstances when one isn't sent - such as your home page when you open your browser.

However, for example, I have one page, "form.php" and another "processform.php". If the only way a user should be requesting processform.php is after submitting form.php, can I use $_SERVER['HTTP_REFERER'] to check the user is not doing anything suspicious? Or is this just wishful thinking? :?

Thanks,

Shears :)
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

There is no guarantee that it will ever be set. It's an optional header passed by browsers. Some can be configured to not send it at all, some are stripped by various protective systems.

Use sessions to track where the user has been.
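
One way to apply the session suggestion above, as an added example that is not part of the original thread: form.php stores a random one-time token in the session, and processform.php accepts the POST only if that token comes back. The function names, the `form_token` key and the single-file layout (both pages in one script) are assumptions made for illustration.

```php
<?php
// Added example: server-side session check in place of a Referer check.
// issue_form_token(), consume_form_token() and 'form_token' are hypothetical names.

/** form.php side: record server-side that this session was served the form. */
function issue_form_token(): string
{
    $token = bin2hex(random_bytes(32));
    $_SESSION['form_token'] = ['value' => $token, 'issued' => time()];
    return $token;
}

/** processform.php side: true only if this session was served the form recently. */
function consume_form_token($submitted, int $maxAge = 900): bool
{
    $stored = $_SESSION['form_token'] ?? null;
    unset($_SESSION['form_token']);      // single use, whether the check passes or not
    if (!is_array($stored) || !is_string($submitted)) {
        return false;                    // form never visited, or field missing/an array
    }
    if (time() - $stored['issued'] > $maxAge) {
        return false;                    // form was left open too long
    }
    return hash_equals($stored['value'], $submitted);   // constant-time comparison
}

session_start();

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    // What processform.php would do before touching the submitted data.
    if (!consume_form_token($_POST['form_token'] ?? null)) {
        http_response_code(400);
        exit('Please submit the form from form.php.');
    }
    echo 'Form accepted.';
} else {
    // What form.php would do when rendering the form.
    $token = issue_form_token();
    echo '<form method="post">'
       . '<input type="hidden" name="form_token" value="'
       . htmlspecialchars($token, ENT_QUOTES) . '">'
       . '<input type="submit" value="Send"></form>';
}
```

Unlike `$_SERVER['HTTP_REFERER']`, the value being checked lives in server-side session storage, so a request that never loaded the form has nothing valid to send back.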
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Re: can i guarantee a 'HTTP_REFERER' ?

Post by superdezign »

I could turn off the referrer at any point in my Firefox browser. It's up to the user if they want to give you data, so if you want it, you have to take it. :-p

You could just give the forms' inputs different names, and check which are set.
Dave2000
Forum Contributor
Posts: 126
Joined: Wed Jun 21, 2006 1:48 pm

Post by Dave2000 »

Thanks for the replies. :)