Is there another way to protect forms from being hacked other than querying the HTTP_REFERER header?

Nov 11th, 2005 20:05
Michael Phipps, Kirk Mayo, http://www.apptools.com/phptools/forms/forms7.php


Use sessions. Here's a quick rundown on how.
Usually a form is made up of two pages: an entry page and a processing
page.
ON THE ENTRY PAGE:
Add the following code to the very top of your form page, before
everything else, including the DOCTYPE:
<?php
session_start();
// session_register() was removed in PHP 5.4; set the value in $_SESSION instead.
$_SESSION["SESSION"] = true;
?>
This stores a session value named "SESSION".
ON THE PROCESS PAGE:
On the page that processes the form, add this to the validation portion
of the code:
<?php
session_start();
// session_is_registered() was removed in PHP 5.4; test $_SESSION directly.
if (!isset($_SESSION["SESSION"])) {
   echo "Invalid form submission";
   exit;  // stops everything
}
?>
A more complete description can be found at
http://www.apptools.com/phptools/forms/forms7.php which was the basis of
this answer.
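
The check above only shows that the browser loaded a page that set the flag, and the flag stays set for the rest of the session. The following added example (not from the original entry or the apptools article) goes one step further on the same idea: the entry page stores a random one-time token in the session and the process page requires it back. The names form_token, issue_form_token and check_form_token are assumptions, and PHP 7.1 or later is assumed.

```php
<?php
// Added example, not from the original entry. One file plays both roles:
// a GET request renders the entry page, a POST request is the process page.
// The key "form_token" and both function names are assumptions.
session_start();

// Entry page: store a fresh random token in the session and return it
// so it can be embedded in the form as a hidden field.
function issue_form_token(): string
{
    $_SESSION['form_token'] = bin2hex(random_bytes(32));
    return $_SESSION['form_token'];
}

// Process page: accept only if the posted token matches the stored one.
// The stored token is discarded either way, so each token works once.
function check_form_token(?string $posted): bool
{
    $expected = $_SESSION['form_token'] ?? null;
    unset($_SESSION['form_token']);
    return is_string($expected) && is_string($posted)
        && hash_equals($expected, $posted);
}

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    $posted = $_POST['form_token'] ?? null;
    if (!check_form_token(is_string($posted) ? $posted : null)) {
        http_response_code(400);
        echo "Invalid form submission";
        exit; // stops everything, as in the check above
    }
    // Field values can arrive as arrays; only echo a plain string.
    $name = is_string($_POST['name'] ?? null) ? $_POST['name'] : '';
    echo "Thanks, " . htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    exit;
}

$token = issue_form_token();
?>
<!DOCTYPE html>
<html>
<body>
<form method="post">
  <input type="hidden" name="form_token" value="<?php echo htmlspecialchars($token, ENT_QUOTES, 'UTF-8'); ?>">
  <input type="text" name="name">
  <input type="submit" value="Send">
</form>
</body>
</html>
```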