Yes, theoretically...you could require it to be posted data. In order to do this you would have to make sure "registered_globals" is set to "off" in your php.ini and then for each variable posted from your form you will need to do something like this....
$name=$_POST["name"]; This will only post the variables if they have been "posted." Then you could use the referrer along with this and it will only allow data from that specific form. Hope this helps! Brian Drexler -----Original Message----- From: Pag [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 12, 2003 8:35 AM To: [EMAIL PROTECTED] Subject: [PHP] Hacker problem Been having some hacker problems on my site, and a simple one: I have a shoutbox, a simple form with name and text that adds lines to the database. I do checks for insults, too long words, tags, etc, but its still possible to circumvent those checks by adding the data on the url instead of using the form. something like: www.domain.com/shoutb.php?name=hacker&text=generalnonsenseandbadwords To prevent this, i tried tracing the http_referral so that only data from inside the site goes into the shoutbox. THe problem is that if you do that url above after visiting my site, the http_referral obviously thinks its coming from inside the site. :-P How can i solve this? Is there any way to prevent data adding from outside? Maybe some invisible check on the form or something? Thanks. Pag -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
