Solved

posting form data

Posted on 2016-10-26
3
31 Views
Last Modified: 2016-10-26
I use PHP and mysql
how can I be sure that if my web form is actually posted from my own server?

I think anyone can send a data to my action page from a different server?

I use https by the way.
0
Comment
Question by:Braveheartli
  • 2
3 Comments
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 41860105
anyone can send a data to my action page from a different server?
Yes, that is one of the built-in risks of the HTTP protocol.  You can't prevent it, but you can make it harmless.

You may consider using a "form token."
https://www.experts-exchange.com/articles/28802/Improved-Form-Tokens-to-Guard-Against-CSRF-and-Screen-Scrapers.html

You can check HTTP_REFERER (It's all explained in the article).  You can also check the input controls.  You will find their names in the array keys of $_POST.  If any are missing or there are any extras, just discard the request.

If you need more protection, consider a CAPTCHA test.
https://www.experts-exchange.com/articles/9849/Making-CAPTCHA-Friendlier-with-Simple-Number-Tests-or-PHP-Image-Manipulation.html
0
 
LVL 1

Author Closing Comment

by:Braveheartli
ID: 41860107
thank you
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 41860122
You're welcome!  Glad to help, ~Ray
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Php Email function not working with Template 8 38
.php tree directory? 5 54
Is this error or Notice in php error log? 6 32
how to use a function in heredoc 5 21
Both Easy and Powerful How easy is PHP? http://lmgtfy.com?q=how+easy+is+php (http://lmgtfy.com?q=how+easy+is+php)  Very easy.  It has been described as "a programming language even my grandmother can use." How powerful is PHP?  http://en.wikiped…
Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now