Improve company productivity with a Business Account.Sign Up

x
?
Solved

posting form data

Posted on 2016-10-26
3
Medium Priority
?
129 Views
Last Modified: 2016-10-26
I use PHP and mysql
how can I be sure that if my web form is actually posted from my own server?

I think anyone can send a data to my action page from a different server?

I use https by the way.
0
Comment
Question by:BR
  • 2
3 Comments
 
LVL 111

Accepted Solution

by:
Ray Paseur earned 2000 total points
ID: 41860105
anyone can send a data to my action page from a different server?
Yes, that is one of the built-in risks of the HTTP protocol.  You can't prevent it, but you can make it harmless.

You may consider using a "form token."
https://www.experts-exchange.com/articles/28802/Improved-Form-Tokens-to-Guard-Against-CSRF-and-Screen-Scrapers.html

You can check HTTP_REFERER (It's all explained in the article).  You can also check the input controls.  You will find their names in the array keys of $_POST.  If any are missing or there are any extras, just discard the request.

If you need more protection, consider a CAPTCHA test.
https://www.experts-exchange.com/articles/9849/Making-CAPTCHA-Friendlier-with-Simple-Number-Tests-or-PHP-Image-Manipulation.html
0
 
LVL 1

Author Closing Comment

by:BR
ID: 41860107
thank you
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 41860122
You're welcome!  Glad to help, ~Ray
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
This article discusses how to implement server side field validation and display customized error messages to the client.
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

584 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question