Putting limits on form submissions

ElPerezoso
Forum Newbie
Posts: 2
Joined: Fri Apr 25, 2003 7:25 pm


Post by ElPerezoso »

Hi there -- I've got what's probably a relatively easy question to answer.

Is there any way I can prevent a PHP page from processing a form if it is submitted from somewhere other than my own site?

That is to say, if somebody creates their own document on an outside server, and uses action="mydomain.com/myscript.php", how can I detect that from within my script, so I can refuse to process the input?

Thanks,
El Perezoso
McGruff
DevNet Master
Posts: 2893
Joined: Thu Jan 30, 2003 8:26 pm
Location: Glasgow, Scotland

Post by McGruff »

AFAIK, you can't stop forged forms.

But you can make the submitted POST vars safe. If POST vars are to be stored in a database and later echo'd out in a browser:

htmlspecialchars(addslashes(trim($_POST['var'])))

If you declare POST vars in foreach loops or with the extract() function you also have to take account of forged submissions by adding a prefix to the var name. If you don't, a forged form can submit a new variable which you weren't expecting from the form and this would overwrite a var in your script if:

(a) you have a (genuine) variable with the same name as the forged POST var

AND

(b) your variable is in the same scope as the foreach / extract lines and was declared prior to these
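
The variable-overwrite case described in the post above, as an added example that is not part of the original thread: a script variable declared before extract() is replaced by a forged field of the same name, while a prefix keeps imported names separate. The function names, the `is_admin` field and the sample input are assumptions made for illustration, and the allowlist variant goes one step beyond the prefix approach the post describes.

```php
<?php
// Constructed input standing in for a forged submission: the genuine form
// only has an "email" field, but the sender added "is_admin".
$forgedPost = ['email' => ' user@example.com ', 'is_admin' => '1'];

// Pattern the post warns about: a genuine variable is declared first,
// then extract() runs in the same scope with its default EXTR_OVERWRITE.
function unsafeHandler(array $post): bool
{
    $is_admin = false;   // genuine script variable (hypothetical name)
    extract($post);      // a forged "is_admin" field replaces it
    return (bool) $is_admin;
}

// Prefix approach from the post: every imported field becomes $form_<name>,
// so it cannot collide with the script's own variables.
function prefixedHandler(array $post): array
{
    $is_admin = false;
    extract($post, EXTR_PREFIX_ALL, 'form');   // $form_email, $form_is_admin
    return [
        'is_admin' => $is_admin,
        'email'    => trim($form_email ?? ''),
    ];
}

// Stricter variant (an addition, not from the post): copy only the fields
// the genuine form defines and ignore everything else in the submission.
function allowlistHandler(array $post, array $expected): array
{
    $clean = [];
    foreach ($expected as $name) {
        $value = $post[$name] ?? null;
        // Reject arrays such as email[]=x, which a forged form can also send.
        $clean[$name] = is_string($value) ? trim($value) : null;
    }
    return $clean;
}

var_dump(unsafeHandler($forgedPost));
var_dump(prefixedHandler($forgedPost));
var_dump(allowlistHandler($forgedPost, ['email']));
```

Run from the command line, the first call shows the script's own flag changed by the submitted field, and the other two show it left alone.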