Hello all, While taking my time in the bath I though of something interesting.

Question

0

Asked: June 11, 20262026-06-11T18:22:36+00:00 2026-06-11T18:22:36+00:00

Hello all, While taking my time in the bath I though of something interesting.

0

Hello all,

While taking my time in the bath I though of something interesting. In PHP, how do you tell if the users’ forms submitted is valid and not fraud (i.e. some other form on some other site with action=”http://mysite.com/sendData.php”)? Because really, anyone can create a form that will try send and match $_POST variables in the real backend. How can I make sure that that script is legit (from my site and only my site) so I don’t have some sort of cloning-site data-steal thing going on?

I have some ideas but not sure where to start

Generate a one-time key and store in hidden input field
Attempt (however possible) to grab the url on which the form is located (probably not possible)
Using some really complicated PHP goodies to determine where the data is sent (possible)

Any ideas? Thanks all!

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-11T18:22:37+00:00

Editorial Team

2026-06-11T18:22:37+00:00Added an answer on June 11, 2026 at 6:22 pm

Most of these attempts from hackers will be used by curl. It’s easy to change the referring agent with curl. You can even set cookies with curl. But spoofing md5 hashed keys with a private salt and storing it in session data will stop most average hackers and bots. Keeping the keys stored in a database will add authentication.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Hello all, While taking my time in the bath I though of something interesting.

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply