I have this case:
I have a file named form.php, and it contains just a simple HTML form with the POST method; the 'action' file of that form is always a different file, let's say action.php. All of these scripts are stored under a domain named realdomain.com (just an example).
Today, I created a fake form on another domain (example: fakedomain.com), then I put this: action="http://realdomain.com/action.php", hit the submit button, and action.php on realdomain.com can't distinguish whether it's from realdomain.com or fakedomain.com and lets it go through just like that…
Then I had an idea to put some 'filter' on action.php to ONLY process the submitted variables if the referring domain is realdomain.com, using $_SERVER['HTTP_REFERER'].
But again, according to some forums or blog posts, this method is not reliable at all, since HTTP_REFERER can be faked too.
So, how do I validate this? I mean, how do I make action.php ONLY process variables submitted from the same server?
Thanks
You can implement CSRF protection in your form, a good tutorial: http://phpmaster.com/preventing-cross-site-request-forgeries/
Sorry for the short answer, but I am writing on an iPhone.
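Here is an added example of the synchronizer-token pattern that answer refers to, applied to the form.php / action.php pair from the question; it is not code from the question, the answer, or the linked tutorial, and the function names and the `csrf_token` field name are my own choices (assumes PHP 7+ with sessions enabled).

```php
<?php
// Added example: CSRF protection with a per-session synchronizer token.
// form.php embeds the token; action.php refuses any POST that lacks a matching one.
// Assumes PHP 7+ with sessions enabled; "csrf_token" is an arbitrary field/key name.

session_start();

// form.php side: mint a secret once per session and reuse it.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        // 32 bytes from the CSPRNG, hex-encoded so it is safe to embed in HTML.
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden input to drop inside the <form> in form.php.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// action.php side: a page on fakedomain.com cannot read realdomain.com's session
// or page contents, so it cannot supply a matching token no matter what Referer
// it sends. Returns true only when the submitted token equals the session copy.
function csrf_verify(array $post): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    if ($expected === '' || !is_string($given)) {
        return false;
    }
    // hash_equals compares in constant time, avoiding a timing side channel.
    return hash_equals($expected, $given);
}

// --- form.php ---
// echo '<form method="post" action="action.php">' . csrf_field()
//    . '<input name="comment"><button>Send</button></form>';

// --- action.php ---
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_verify($_POST)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    // Only now is it safe to act on $_POST.
}
```

As a second layer, setting `session.cookie_samesite=Lax` (PHP 7.3+) makes the browser omit the session cookie on cross-site POSTs, so the forged request from fakedomain.com arrives with no session at all.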