I have created a PHP form, which, upon submission, goes to another PHP page. This validates all the input, removes backslashes etc.
My question is this: if I create a check before the PHP script processes any of the information, by checking a POST variable called something like ‘uniquecode’ which would be posted along with the form, would this make my form more secure?
I am using all post variables. My script is getting quite advanced and I want it to be as secure as possible, but also as simple as possible.
Adding additional verification fields into the HTML won’t secure the form. This is because the HTML can be manipulated by the user once rendered.
If you want to protect your form from spam, I recommend reCaptcha:
http://www.google.com/recaptcha
People on Stack Overflow will help you to integrate this if you need help.
You can also search for information about “Cross-Site scripting” (XSS) for security tips. Here is the Wikipedia article to get you started: http://en.wikipedia.org/wiki/Cross-site_scripting
Guarding against XSS is important to make sure that all the information being processed by PHP has actually come from your own site, and not somebody else’s.
Hope this helps you out.
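An added example, not part of the original posts: the ‘uniquecode’ check from the question, done with a random value generated per session, stored on the server and compared there, instead of a fixed value written into the HTML. The function names are hypothetical, and plain arrays stand in for `$_SESSION` and `$_POST` so the script runs from the command line.

```php
<?php
declare(strict_types=1);

// Added example. The field name 'uniquecode' comes from the question;
// the function names below are hypothetical.

/** Create (or reuse) a random per-session token and keep it server-side. */
function issue_uniquecode(array &$session): string
{
    if (empty($session['uniquecode'])) {
        $session['uniquecode'] = bin2hex(random_bytes(32));
    }
    return $session['uniquecode'];
}

/** Render the hidden field that carries the token in the form. */
function uniquecode_field(array &$session): string
{
    $token = htmlspecialchars(issue_uniquecode($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="uniquecode" value="' . $token . '">';
}

/** Check a submission before any other processing takes place. */
function uniquecode_is_valid(array $session, array $post): bool
{
    $expected  = $session['uniquecode'] ?? '';
    $submitted = $post['uniquecode'] ?? '';
    // Reject missing values and non-strings (e.g. uniquecode[]=x arrives as an array).
    if (!is_string($expected) || $expected === '' || !is_string($submitted)) {
        return false;
    }
    return hash_equals($expected, $submitted); // constant-time comparison
}

// Constructed demonstration. In a real page, call session_start() and pass
// $_SESSION and $_POST instead of these arrays.
$session = [];
echo uniquecode_field($session), PHP_EOL;

$cases = [
    'matching token'  => ['uniquecode' => $session['uniquecode']],
    'fixed value'     => ['uniquecode' => 'abc123'],
    'field missing'   => [],
    'array submitted' => ['uniquecode' => ['x']],
];
foreach ($cases as $label => $post) {
    printf("%-16s %s\n", $label, uniquecode_is_valid($session, $post) ? 'accepted' : 'rejected');
}
```

Only the first case is accepted. The check shows that the submission came from a form your own site rendered for that session; the existing validation of every POST value is still required.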