xrock

Reputation: 35

How can I get the POST data URL on my server in PHP

I need to check the request URL in PHP. Basically, I need to check whether the form is posted from the same server or not. I need to get the action of the form in PHP.

Upvotes: 1

Views: 99

Answers (2)

Quentin

Reputation: 944021

There is no reliable way to tell what an HTTP request was constructed in response to.

What you can do is implement defences against CSRF. This won't guarantee that the submission comes from a form on your own server, but it will prevent a third party (Mallory) from tricking a user (Alice) of your site into submitting bad data on their behalf.

When Alice arrives at your site, generate a random token and give it to her (e.g. in a session). Put a copy of that token in a hidden input in your form. If, when the form is submitted, the tokens don't match, then the request is coming from Mallory.


If the problem is that you don't trust Alice not to edit the form herself, then you can't use that as a defence.

Don't give Alice data you don't trust her with in the first place. Check the identity of users making requests before you give them access to the relevant bits of the site.

For example, if the form is the "Delete message" form and your concern is "Alice might change the ID of the message to be deleted" then check that Alice is the owner of the message with that ID when you get the request to delete it.

Upvotes: 5
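
The token check and the ownership check described in the answer above, as an added example that is not part of the original answer. The function names, the `csrf_token` session key, the `message_id` field and the in-memory message list are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added illustration: function names, session key and sample data are assumptions.
/** Return this session's CSRF token, creating it from the CSPRNG on first use. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** Hidden input to place inside the form (the token is hex, so it needs no HTML escaping). */
function csrf_field(array &$session): string
{
    return '<input type="hidden" name="token" value="' . csrf_token($session) . '">';
}

/** True only if the submitted token matches the one stored for this session. */
function csrf_valid(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $given = $post['token'] ?? '';
    return is_string($given) && $expected !== '' && hash_equals($expected, $given);
}

/** "Delete message" handler: token check first, then ownership check. */
function handle_delete(array $session, array $post, array &$messages): int
{
    if (!csrf_valid($session, $post)) {
        return 403; // not built from a form issued to this session
    }
    $id = $post['message_id'] ?? '';
    if (!is_string($id) || !isset($messages[$id])) {
        return 404;
    }
    if ($messages[$id]['owner'] !== ($session['user_id'] ?? null)) {
        return 403; // valid token, but the message belongs to someone else
    }
    unset($messages[$id]);
    return 200;
}

// Constructed demo data; in a real page pass $_SESSION (after session_start()) and $_POST.
$session = ['user_id' => 'alice'];
$messages = ['1' => ['owner' => 'alice'], '2' => ['owner' => 'bob']];
foreach ([[csrf_token($session), '1'], ['forged', '1'], [csrf_token($session), '2']] as [$t, $id]) {
    echo handle_delete($session, ['token' => $t, 'message_id' => $id], $messages), "\n";
}
```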

rjv

Reputation: 6776

You are in need of a CSRF token.

When the page is requested, add a string to the form, like

<input type="hidden" name="token" value="<?= htmlspecialchars($token) ?>">

and save it in the database as well.

The token can be generated using something like a hash of a timestamp.

When the form is submitted, verify whether the token was generated by the server itself.

Upvotes: 3
