On Sat, August 12, 2006 1:55 pm, Afan Pasalic wrote:
> could I use this code to check if form is submitted from the same
> page/same domain
>
> if ($_POST['form_submitted'] == 'Yes')
> {
> if (preg_match($_SERVER['HTTP_HOST'], $_SERVER["HTTP_REFERER"]) ==
> 0)
> {
> die ('^&[EMAIL PROTECTED]');
> }
> }
No.
HTTP_REFERER is completely unreliable.
If you want to be sure of the source of your POST data coming from
your form, you need to send a unique unpredictable token in the FORM,
and log it when you send the FORM, and then compare what comes back.
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
