Checking where post and get data are from

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
9902468
Forum Commoner
Posts: 89
Joined: Thu Jun 06, 2002 6:39 am
Location: Europe

Checking where post and get data are from

Post by 9902468 »

Is there any way to check where the post data is coming from? (I mean if user saves the page sources and writes something nasty and posts that from his/hers computer to my box) Are there any limitations on this? I'm behind two or more proxies and atleast on firewall that I'm aware of...
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

there's no difference between the data sent due to 'your' page and a save/modified one. Both (may) come from the same computer/ip using the same protocol.
You may check the referrer of the page but shouldn't trust it since it could be altered, too.

Does anyone know if there's a way to track a https-connection (i.e. associate an id or hash or whatever with a certain connection that you may transfer within a form and check in the receiving script) ?
User avatar
mikeq
Forum Regular
Posts: 512
Joined: Fri May 03, 2002 3:33 am
Location: Edinburgh, Scotland

Post by mikeq »

There are functions in PHP to strip out things like HTML code etc from variables. Use these to remove any dodgy code, don't bother trying to check for dodgy code just use these functions on all input from users.

For the functions look up http://www.php.net
Post Reply