|
Posted by dawnerd on 12/17/15 11:54
Katash wrote:
> ***newbie_request***
>
> I have a simple program that inserts user details into a MySQL database -
> The form validation is dealt with by another program that contains the html
> form
>
> I would like to ensure no-one can create a separate form and post to my
> input program thereby bypassing my validation functions
>
> My question is :- Is there a way I check that the $_POST vars have come from
> a php file on the webserver and halt the sql input with a security warning
> if they're coming from a different source?
>
> Perhaps I'm approaching this from the wrong angle - Am I?
>
>
> TIA
>
> Dave
before you put anything into a database in which a user types or can
edit in anyway, such as any get or post variables, run them through
mysql_escape_string or mysql_real_escape_string at least.
[Back to original message]
|