I’m just wondering how you go about preventing people trying to fool your script and POSTing a similar-looking form from a remote site, say, for example, to try and put extra values into select fields that you don’t have in yours, or something of that nature.
To prevent Cross-Site Request Forgery (CSRF), you should use a so-called CSRF token that verifies the authenticity of the request. Additionally, you can check the HTTP Referer and only allow the transaction if it’s empty (not existing) or one of your addresses.
See also OWASP’s Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet for further information.
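The checks the answer describes, put together as a small server-side validation routine. This is an added example, not code from the question or the answer: it issues a per-session CSRF token, verifies it on POST with a constant-time comparison, applies the "empty or one of our addresses" Referer rule, and, addressing the question's concern about extra select values, rejects any submitted value that is not in the server-side allow-list (a forged form can send any value it likes, so the HTML `<select>` is never the real constraint). The origin `https://example.com`, the `color` field and its allowed values, and the `session`/`headers`/`form` dictionaries are constructed stand-ins for whatever the web framework provides.

```python
import hmac
import secrets
from urllib.parse import urlparse

# Constructed configuration: the site's own origin(s) and the
# server-side allow-list for the select field named "color".
ALLOWED_ORIGINS = {"https://example.com"}
ALLOWED_COLORS = {"red", "green", "blue"}


def issue_csrf_token(session: dict) -> str:
    """Generate a random token when rendering the form and store it in
    the server-side session; the same value is embedded in a hidden input."""
    token = secrets.token_hex(32)
    session["csrf_token"] = token
    return token


def csrf_token_ok(session: dict, form: dict) -> bool:
    """Compare the submitted hidden field against the session copy.
    hmac.compare_digest avoids leaking the token through timing."""
    expected = session.get("csrf_token")
    submitted = form.get("csrf_token")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)


def referer_ok(headers: dict) -> bool:
    """The answer's rule: accept a missing Referer (browsers and proxies
    often strip it) or one whose origin is ours; reject anything else."""
    referer = headers.get("Referer")
    if not referer:
        return True
    parsed = urlparse(referer)
    return f"{parsed.scheme}://{parsed.netloc}" in ALLOWED_ORIGINS


def validate_form(session: dict, headers: dict, form: dict) -> list:
    """Return a list of failed checks; an empty list means the POST may be
    processed. Every check runs so the log shows everything that was wrong."""
    errors = []
    if not csrf_token_ok(session, form):
        errors.append("csrf_token")
    if not referer_ok(headers):
        errors.append("referer")
    # Never trust that the value came from our <select>: re-check it here.
    if form.get("color") not in ALLOWED_COLORS:
        errors.append("color")
    return errors


if __name__ == "__main__":
    # Constructed walk-through: render the form, then receive two POSTs.
    session = {}
    token = issue_csrf_token(session)

    genuine = {"csrf_token": token, "color": "green"}
    print("genuine:", validate_form(session, {"Referer": "https://example.com/form"}, genuine))

    forged = {"csrf_token": "guess", "color": "purple"}  # value not in our select
    print("forged: ", validate_form(session, {"Referer": "https://attacker.invalid/"}, forged))
```

Running the module prints `genuine: []` and `forged: ['csrf_token', 'referer', 'color']`. The token is tied to the session rather than to the page, so it is not exposed to a remote site that can only guess at the form's layout; the allow-list check is what actually stops injected select values, since the token only proves the form came from a page you served.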