Solved

posting form data

Posted on 2016-10-26
Last Modified: 2016-10-26
I use PHP and MySQL.
How can I be sure that my web form is actually posted from my own server?

I think anyone can send data to my action page from a different server?

I use HTTPS, by the way.
Question by:Braveheartli
Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 41860105
"anyone can send data to my action page from a different server?"
Yes, that is one of the built-in risks of the HTTP protocol.  You can't prevent it, but you can make it harmless.

You may consider using a "form token."
https://www.experts-exchange.com/articles/28802/Improved-Form-Tokens-to-Guard-Against-CSRF-and-Screen-Scrapers.html

You can check HTTP_REFERER (It's all explained in the article).  You can also check the input controls.  You will find their names in the array keys of $_POST.  If any are missing or there are any extras, just discard the request.

If you need more protection, consider a CAPTCHA test.
https://www.experts-exchange.com/articles/9849/Making-CAPTCHA-Friendlier-with-Simple-Number-Tests-or-PHP-Image-Manipulation.html
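The form token and the $_POST key check described in the accepted answer, sketched as an added PHP example (not Ray Paseur's code and not taken from the linked article). The control names and the $session array standing in for $_SESSION are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed control names for this sketch; use the names in your own form.
const EXPECTED_FIELDS = ['email', 'form_token', 'message', 'name']; // kept sorted

// Create a random token, store it server-side, return it for a hidden input.
function issue_form_token(array &$session): string
{
    $session['form_token'] = bin2hex(random_bytes(32));
    return $session['form_token'];
}

// Return null when the request is acceptable, else the reason to discard it.
function reject_reason(array $post, array &$session): ?string
{
    // The posted keys must be exactly the form's controls: none missing, no extras.
    $keys = array_map('strval', array_keys($post));
    sort($keys);
    if ($keys !== EXPECTED_FIELDS) {
        return 'unexpected field set';
    }
    // The token must equal the one stored for this visitor (constant-time compare).
    $stored = $session['form_token'] ?? '';
    $sent = $post['form_token'];
    if ($stored === '' || !is_string($sent) || !hash_equals($stored, $sent)) {
        return 'bad or missing token';
    }
    unset($session['form_token']); // single use: a replay of the same post fails
    return null;
}

// Constructed requests; $session stands in for $_SESSION so this runs from the CLI.
$session = [];
$good = ['name' => 'A', 'email' => 'a@example.com', 'message' => 'hi',
         'form_token' => issue_form_token($session)];
$cases = [
    'extra field'       => $good + ['is_admin' => '1'],
    'missing field'     => array_diff_key($good, ['email' => 1]),
    'forged token'      => ['form_token' => str_repeat('0', 64)] + $good,
    'genuine form post' => $good,
    'replayed post'     => $good,
];
foreach ($cases as $label => $post) {
    printf("%-18s %s\n", $label, reject_reason($post, $session) ?? 'accepted');
}
```

In a real handler, call session_start() and pass $_SESSION and $_POST; the page that renders the form emits the value from issue_form_token() in a hidden input named form_token.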
 
Author Closing Comment

by:Braveheartli
ID: 41860107
Thank you.
Expert Comment

by:Ray Paseur
ID: 41860122
You're welcome!  Glad to help, ~Ray