Allen Gingrich

Reputation: 5657

PHP: Prevent cross-site submission of a form to my script

I can't seem to find any answer to this on the web, but how can I be sure a $_POST variable or form was submitted from my site as opposed to just any old site? Is there a way to filter this?

Thanks!

Upvotes: 2

Views: 594

Answers (2)

ajreal

Reputation: 47321

To add more safeguards, you should also assign an allowed period (like an hour) to expire the session/token.

Upvotes: 0

Quentin

Reputation: 943769

Require a secret, user-specific token in all form submissions (as a hidden input) and side-effect URLs (in query strings).

If you use sessions, you can generate a token on creation of a session and store it in the session data.

Upvotes: 4
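
The token scheme described in the two answers above, as an added PHP example that is not part of either answer: a per-session secret placed in a hidden input, checked on every POST, and expired after an hour. The names `csrf_token`, `csrf_issued`, `CSRF_TTL`, `csrf_issue()` and `csrf_check()` are assumptions chosen for illustration.

```php
<?php
// Added example; all key, constant and function names are hypothetical.
declare(strict_types=1);

const CSRF_TTL = 3600; // token lifetime in seconds (one hour)

// Return the session's token, creating a fresh one if missing or expired.
function csrf_issue(array &$session, int $now): string
{
    if (!isset($session['csrf_token'], $session['csrf_issued'])
        || $now - $session['csrf_issued'] > CSRF_TTL) {
        $session['csrf_token']  = bin2hex(random_bytes(32)); // CSPRNG, 256 bits
        $session['csrf_issued'] = $now;
    }
    return $session['csrf_token'];
}

// True only if the submitted token matches the unexpired session token.
function csrf_check(array $session, array $post, int $now): bool
{
    $expected  = $session['csrf_token'] ?? null;
    $issued    = $session['csrf_issued'] ?? null;
    $submitted = $post['csrf_token'] ?? null;
    // Rejects a missing session token and a field sent as an array (csrf_token[]=x).
    if (!is_string($expected) || !is_int($issued) || !is_string($submitted)) {
        return false;
    }
    if ($now - $issued > CSRF_TTL) {
        return false; // token older than the allowed period
    }
    return hash_equals($expected, $submitted); // constant-time comparison
}

session_start();

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (!csrf_check($_SESSION, $_POST, time())) {
        http_response_code(403);
        exit('Invalid or expired form token.');
    }
    // ... handle the submission here ...
}

$token = csrf_issue($_SESSION, time());
?>
<form method="post">
    <input type="hidden" name="csrf_token" value="<?= htmlspecialchars($token, ENT_QUOTES) ?>">
    <button type="submit">Send</button>
</form>
```

A page on another site can make a visitor's browser submit this form, but it cannot read the session-bound token, so its request fails the check.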
