bachx (posted September 29, 2007):
I've noticed that some of my scripts are vulnerable to external HTML forms, meaning someone can use my functions using his own form. This might cause a bit of a problem to me. Is there any way to prevent someone from accessing my scripts using such a form and limit the access to my own forms?

bachx (posted September 30, 2007):
Anyone?

Clintonio (posted September 30, 2007):
From my experience you cannot, and even if you did, you'd get people just Java injecting into your forms to the same effect. The best thing to do is to check after it has been entered, and before the script processes it. Like checking if the values are of a correct range, or a certain type, certain case, or even just a specific value. Post data is held in browser headers anyway if I am remembering right, so no, it's impossible to stop such attacks. It's down to you to secure your scripts... Correct me if I am wrong.

desithugg (posted September 30, 2007):
You could use PHP predefined variables to check where the user is coming from, and if the value doesn't match the page with your form you can show an error.

<?php
// Reject the request unless the Referer header matches the form page.
// The header is optional, so a missing value is treated as a mismatch.
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
if ($referer != "http://www.phpfreaks.com/myform.html") {
    echo "Error.";
    exit;
}
?>

That would work, but there are ways around it, but you wouldn't expect the average person to go through so much trouble.
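
Added example, not part of any post in this thread: the Referer header is supplied by the client, so a common complement to the checks discussed above is a per-session token embedded in your own form and verified on submit, together with the server-side type and range validation suggested earlier. The function names `issue_form_token()` and `verify_form_token()` and the `age` field are hypothetical.

```php
<?php
// Added example: session-bound form token plus server-side validation.
// issue_form_token(), verify_form_token() and "age" are hypothetical names.
session_start();

// Create (once per session) a random token to embed in your own form.
function issue_form_token(): string
{
    if (empty($_SESSION['form_token'])) {
        $_SESSION['form_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['form_token'];
}

// Constant-time comparison of the submitted token with the session copy.
function verify_form_token($submitted): bool
{
    return is_string($submitted)
        && !empty($_SESSION['form_token'])
        && hash_equals($_SESSION['form_token'], $submitted);
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (!verify_form_token($_POST['token'] ?? null)) {
        http_response_code(403);
        exit('Error.');
    }
    // The token only ties the request to a session that loaded this form;
    // every field still needs type and range checks on the server.
    $age = filter_input(INPUT_POST, 'age', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 120]]);
    if ($age === false || $age === null) {
        http_response_code(400);
        exit('Invalid age.');
    }
    echo 'Accepted age: ' . $age;
    exit;
}
?>
<form method="post">
    <input type="hidden" name="token"
           value="<?= htmlspecialchars(issue_form_token(), ENT_QUOTES) ?>">
    <input type="text" name="age">
    <input type="submit" value="Send">
</form>
```

The token rejects submissions from pages that never loaded your form in the visitor's session, which a copied form on another site cannot satisfy. A client that first requests your form can still script its own POST, so the field validation remains the control that protects the processing code.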