I can’t seem to find any answer to this on the web, but how can I be sure a $_POST variable or form was submitted from my site as opposed to just any old site. Is there a way to filter this?
Thanks!
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I can’t seem to find any answer to this on the web, but how can I be sure a $_POST variable or form was submitted from my site as opposed to just any old site. Is there a way to filter this?
Thanks!
Require a secret, user-specific token in all form submissions (as a hidden input) and side-effect URLs (in query strings).
If you use sessions, you can generate a token on creation of a session and store it in the session data.