Qbasicnews.com

Full Version: PHP: Determining the source of a form
As an added security measure in one of my new scripts for Rhianna's Gifts, I would like to add the ability for the script to determine exactly where the form request came from. I've looked through the PHP documentation and cannot find anything solid... the closest lead I got was $_SERVER['HTTP_REFERER'], which is easily botched by any hacker worth his salt. I've already sanitized the input from the form so SQL injection attacks aren't possible, but just in case something new comes up that isn't handled, I'd like to be able to reject form requests that aren't coming from a very specific location. Any ideas?
HTTP is stateless; there's no way to do that (unless you add some kind of cookie-based authentication system).
Store a randomly-generated string in a PHP session variable, and include this in a hidden field on the form page. Only accept the form page if the hidden field exists and its value matches the session variable.
Oh, that does give me a good idea. Thanks, guys. I'm already using PHP session variables; they're required by my shopping cart to keep track of who's ordering what, but I can also use it to botch a remote form.
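
The session-token check suggested in the thread, as an added example that is not part of any of the original posts: a random string is stored in `$_SESSION`, echoed into a hidden field, and the POST is rejected unless the two match. The field name `form_token`, the helper function names and the `item` field are assumptions made for illustration.

```php
<?php
// Added example (not from the thread). Names below are illustrative.
session_start();

/** Return this session's form token, creating it on first use. */
function form_token()
{
    if (empty($_SESSION['form_token'])) {
        // 32 bytes from the OS CSPRNG, hex-encoded for use in HTML
        $_SESSION['form_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['form_token'];
}

/** True only if the submitted value matches the token held in the session. */
function form_token_valid($submitted)
{
    $expected = isset($_SESSION['form_token']) ? $_SESSION['form_token'] : '';
    // Reject a missing field, an array (form_token[]=x) or a session
    // that never had a token issued
    if (!is_string($submitted) || $expected === '') {
        return false;
    }
    // hash_equals compares in constant time
    return hash_equals($expected, $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $submitted = isset($_POST['form_token']) ? $_POST['form_token'] : null;
    if (!form_token_valid($submitted)) {
        http_response_code(403);
        exit('Form rejected: missing or invalid token.');
    }
    // Single use: drop the token so the same value cannot be replayed
    unset($_SESSION['form_token']);
    // ... handle the (already sanitized) form fields here ...
    exit('Form accepted.');
}
?>
<form method="post">
    <input type="hidden" name="form_token"
           value="<?= htmlspecialchars(form_token(), ENT_QUOTES) ?>">
    <input type="text" name="item">
    <button type="submit">Order</button>
</form>
```

A matching token shows that the submitter loaded the form in the same session before posting, which blocks forms hosted on other sites and blind POSTs. A client that first requests the form page and then posts the token back still passes, so input sanitization remains necessary.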