Message Security Form. Make sure he didn't come from outside

Question

Message Security Form. Make sure he didn't come from outside

I have a simple form and you want to check that the output value came from this form, and not from an external source.

<form action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="POST"> <input type="text" name="post" id="post" /> <input type="submit" name="submit" id="submit" /> </form>

Do I need to store something in a session? A simple example will be very helpful. Thanks.

+4

security php forms

Dietpixel May 15, '11 at 15:40

source share

1 answer

AndersTornkvist · Accepted Answer · 2011-05-15T15:48:45+0000

When creating a form, you can use:

 <?php session_start(); // don't forget that you need to call before output (place first, or use ob_start() $_SESSION['formhash'] = md5(date('Ymd H:i:s').'2fiaSFI#T8ahugi83okkj'); ?> <form action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="POST"> <input type="text" name="post" id="post" /> <input type="hidden" name="hash" id="hash" value="<?php echo $_SESSION['formhash']; ?>" /> <input type="submit" name="submit" id="submit" /> </form>

You need to check when someone sends a message that the mail request has the correct hash. You can use:

 <?php session_start(); // don't forget that you need to call before output (place first, or use ob_start() if (isset($_SESSION['formhash']) && isset($_POST['hash']) && $_SESSION['formhash']==$_POST['hash']) { // treat $_POST } ?>

Message Security Form. Make sure he didn't come from outside

More articles: