validate form submission

mfacer

How can I check if the contents from a POST form is from my own server? I know there are the $_SERVER variables - but I'm not sure which one to use...

I am at the moment able to have a database page on site1 and post to it from site2 - how can I stop this!!?

thanks 🙂

gammaster

Hi!

$_SERVER['HTTP_REFERER'] will show where it came from, but i dont say it`s a secure way to check this.

To do this secure you shold do this:
- Generate a uniqe key when a user visit your page.
- Save the key to database or file.
- Put the key in an <input type="hidden" name="validationKey" value="<?php echo $key;?>"> in the form
- When a user submit the form check the $_POST['validationKey'] against the saved value.

You will find plenty articles about this on the web.