Checking where post and get data are from
Moderator: General Moderators
Checking where post and get data are from
Is there any way to check where the post data is coming from? (I mean if user saves the page sources and writes something nasty and posts that from his/hers computer to my box) Are there any limitations on this? I'm behind two or more proxies and atleast on firewall that I'm aware of...
there's no difference between the data sent due to 'your' page and a save/modified one. Both (may) come from the same computer/ip using the same protocol.
You may check the referrer of the page but shouldn't trust it since it could be altered, too.
Does anyone know if there's a way to track a https-connection (i.e. associate an id or hash or whatever with a certain connection that you may transfer within a form and check in the receiving script) ?
You may check the referrer of the page but shouldn't trust it since it could be altered, too.
Does anyone know if there's a way to track a https-connection (i.e. associate an id or hash or whatever with a certain connection that you may transfer within a form and check in the receiving script) ?
There are functions in PHP to strip out things like HTML code etc from variables. Use these to remove any dodgy code, don't bother trying to check for dodgy code just use these functions on all input from users.
For the functions look up http://www.php.net
For the functions look up http://www.php.net