Yes, you're right, it can be easily manipulated; also, not all browsers send the referer. You can't really fix this; all you can do is validate the data so that there aren't any illegal characters being entered.
For your second question you could try .htaccess; however, you will need to be specific with file names, or, if it's a directory, the entire directory. I am not sure how it's done, so you may want to do a Google search. If that fails, you can check, in a file that is meant to be included, that something exists. I usually define something and in the include check whether what was meant to be defined has been, e.g.
mynormal.php:
<?php
/* code above */
define('myapp', true); // marker constant: set only when the page is entered through this file

myinclude.php:
<?php
if (!defined('myapp')) // marker missing means the include was requested directly
    die();
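A fuller version of the same guard pattern, as an added example that is not code from the original answer. It also ties in the first point (not trusting the referer) by validating the request parameter against an allow-list instead. The constant name APP_ENTRY, the inc/ directory, the file names and the page parameter are assumptions chosen for illustration:

```php
<?php
// File 1: index.php (the page meant to be requested directly).
// Added example, not the original poster's code; APP_ENTRY, inc/ and
// the 'page' parameter are assumptions for illustration.

// Mark that execution started at a legitimate entry point. Files that are
// only meant to be included test for this constant before doing anything.
define('APP_ENTRY', true);

// The Referer header is client-controlled and often absent, so it proves
// nothing. Validate the request data itself: 'page' is restricted to an
// allow-list of known include names and is never used to build a path
// from raw user input.
$allowed = ['home', 'about', 'contact'];
$page = $_GET['page'] ?? 'home';
if (!in_array($page, $allowed, true)) {
    http_response_code(400);
    exit('Invalid page.');
}

require __DIR__ . '/inc/' . $page . '.php';


<?php
// File 2: inc/home.php (an include that must never be served on its own).
// Added example; same assumptions as above.
if (!defined('APP_ENTRY')) {
    // Direct request: refuse with a real status code rather than a blank 200
    // from a bare die(), so scanners and logs see it was rejected.
    http_response_code(403);
    exit('Forbidden');
}

echo 'Hello from the home include.';
```

Save the two parts as index.php and inc/home.php under the document root and request index.php?page=home; requesting inc/home.php directly returns 403. The constant check is only a second line of defence: the Apache-side fix the answer alludes to is an .htaccess in the inc/ directory containing `Require all denied` (Apache 2.4; `Deny from all` on 2.2), and stronger still is to keep include files outside the web root so the web server cannot serve them at all.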