How to secure Form Post in php?

Question

How can I secure a form Post?

Example:

File1 - form.php
File2 - action.php

The form.php posts to action.php.

How can I find out if the form data in action.php was really posted from form.php?

actually there is no way. the only thing you can do is validate all the inputs in `action.php`. you can add some security like captcha to make sure it is submitted by a human. — bansi, Dec 31 '15 at 05:42
http://stackoverflow.com/questions/16501984/php-csrf-attack etc etc its called csrf — , Dec 31 '15 at 05:48
@Fred-ii- yup, but i had used my vote so i couldent close it ;(, but you can. — , Dec 31 '15 at 19:24
@Dagon Done. *Happy New Year* and go easy on the coffee and the cabbie ;-) *Cheers* — Funk Forty Niner, Dec 31 '15 at 19:26

score -1 · Answer 1 · answered Dec 31 '15 at 05:42

-1

You use $SERVER['HTTP_REFERER'] in action.php find the Post source

answered Dec 31 '15 at 05:42

Aaron

$SERVER['HTTP_REFERER'] is browser set, any one can fake it – Dec 31 '15 at 05:44
sure,$SERVER['HTTP_REFERER'] can be fake – Aaron Dec 31 '15 at 05:49

score -1 · Answer 2 · answered Dec 31 '15 at 05:46

-1

If u are using the post method to send data to action.php it is some what secure than the get method

    <form action="action.php" method="get">
//ur elements
    <br><input type="submit"></form>

answered Dec 31 '15 at 05:46

Brotherhood

post is no more secure than get – Dec 31 '15 at 05:48
As far as security, they are inherently the same(GET/POST). POST is good for standard forms used to submit one time data. I wouldn't use GET for posting actual forms, unless maybe in a search form where you want to allow the user to save the query in a bookmark, or something along those lines. – Brotherhood Dec 31 '15 at 06:21

2 Answers2