/    Sign up×
Community /Pin to ProfileBookmark

Submit form

Copy linkTweet thisAlerts:
Jun 25.2009

I have an HTML form that upon submission calls a PHP script. That script loads the fields into variables and then inserts them into a mySQL table.

What’s the best way to check that the referring page is valid?

The script I inherited has the following code:

[CODE]
if (
($_SERVER[‘HTTP_REFERER’] == ‘http://xyz.org/Membership.php’) OR
($_SERVER[‘HTTP_REFERER’]== ‘http://www.xyz.org/Membership.php’)
){
echo ‘<META http-equiv=”refresh” content=”0;URL=/”>’;
}
else die(‘Referer site check failed’);
[/CODE]

Is this reasonable? I’ve read that not all browsers support or send referers. Is the echo necessary?

Thanks,
DJ

to post a comment
PHP

1 Comments(s)

Copy linkTweet thisAlerts:
@OctoberWindJun 26.2009 — If you are concerned with people spoofing your form to input whatever they way in the database, you can always add a hidden field to the form, and check for that.
×

Success!

Help @D_J spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 5.25,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,

tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,
)...