I think you are looking for something different.

Do this:

print "<pre>";
print_r($_SERVER);
print "</pre>";

You will see a whole bunch of useful globals. As a matter of fact, try this
one out too:

print "<pre>";
print_r($GLOBALS);
print "</pre>";

Jim Grill
Support
Web-1 Hosting
http://www.web-1hosting.net
----- Original Message -----
From: "Bob Lockie" <[EMAIL PROTECTED]>
To: "Dennis Gearon" <[EMAIL PROTECTED]>; "Tech Support"
<[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, July 28, 2002 1:19 PM
Subject: Re: [PHP] php 'mail()' security


>
> >There is no substitute for good data verification such as strip_tags() or
> >some regular expressions to limit valid input. I also would recommend
> >checking the referrer to be sure someone doesn't hijack your form and try to
> >modify it and submit it from a remote location. Here is an example:
> >
> >if (validReferrer() === false)
> > die("invalid referrer");
> >
> >function validReferrer()
> >{
> > $_valid_referrers = array("www.yoursite.com","www2.yoursite.com","yoursite.com");
> > $referer = str_replace('//', '/', $_SERVER['HTTP_REFERER']);
> > $ref = explode('/', $referer);
> > if ( in_array($ref[1], $_valid_referrers) )
> >  return true;
> > else
> >  return false;
> >}
>
> That is a good idea.
> $_SERVER['HTTP_REFERER'] is the web server identifier, right?
> My web server is 10.0.0.5 from the internal LAN.
> I am hesitant to allow HTTP_REFERERs from 10.0.0.5 because it seems to me
> that it would be easy enough to configure a strange box to imitate 10.0.0.5.
> Can I somehow check that the HTTP_REFERER = localhost?
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
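
An added example, not part of the original thread: a stricter form of the validReferrer() check quoted above, using parse_url() so that only the exact host is compared. HTTP_REFERER is the Referer request header supplied by the client, so this filters casual cross-site submissions but does not authenticate the request; the host list reuses the message's placeholder names and the sample header values are constructed.

```php
<?php
// Added example. Hosts are the placeholder names from the quoted message.
const VALID_REFERRER_HOSTS = ['www.yoursite.com', 'www2.yoursite.com', 'yoursite.com'];

/**
 * Return true only when $referer is an absolute http(s) URL whose host is
 * exactly one of the allowed hosts. $referer is the raw Referer header value,
 * or null when the client sent none.
 */
function validReferrer(?string $referer, array $allowed = VALID_REFERRER_HOSTS): bool
{
    if ($referer === null || $referer === '') {
        return false;                       // header absent
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;                       // not an absolute URL
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    // Host names are case-insensitive; compare the whole host, never a substring.
    return in_array(strtolower($parts['host']), $allowed, true);
}

// Constructed sample header values and the decision expected for each.
$samples = [
    'http://www.yoursite.com/form.php'      => true,
    'HTTP://WWW.YOURSITE.COM:8080/form.php' => true,   // case and port ignored
    'http://www.yoursite.com.example.net/'  => false,  // allowed name is only a prefix
    'http://example.net/www.yoursite.com/'  => false,  // allowed name is in the path
    'x/www.yoursite.com/'                   => false,  // no scheme; explode('/')[1] would accept it
    ''                                      => false,
];
foreach ($samples as $value => $expected) {
    $got = validReferrer($value);
    printf("%-42s %s%s\n", var_export($value, true), $got ? 'accept' : 'reject',
        $got === $expected ? '' : '  <-- unexpected');
}

// In a form handler:
// if (!validReferrer($_SERVER['HTTP_REFERER'] ?? null)) { die('invalid referrer'); }
```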
