Page 1 of 1

can i guarantee a 'HTTP_REFERER' ?

Posted: Fri Jun 01, 2007 10:09 am
by Dave2000
$_SERVER['HTTP_REFERER']

Can i guarantee that a page will have a referrer? I know there are some circumstances when one isn't sent - such as your home page when you open your browser.

However. For example, I have one page, "form.php" and another "processform.php". If the only way a user should be requesting processform.php is after submitting form.php, can I use $_SERVER['HTTP_REFERER'] to check the user is not doing anything suspicious? Or is this just wishful thinking? :?

Thanks,

Shears :)

Posted: Fri Jun 01, 2007 10:14 am
by feyd
There is no guarantee that it will ever be set. It's an optional header passed by browsers. Some can be configured to not send it at all, some are stripped by various protective systems.

Use sessions to track where the user has been.

Re: can i guarantee a 'HTTP_REFERER' ?

Posted: Fri Jun 01, 2007 10:22 am
by superdezign
I could turn off the referrer at any point in my Firefox browser. It's up to the user if they want to give you data, so if you want it, you have to take it. :-p

You could just give the forms' inputs different names, and check which are set.

Posted: Fri Jun 01, 2007 10:39 am
by Dave2000
Thanks for the replies. :)