Hi, I have a PHP script hat excutes data given in from a form… but I also need to make sure it only processes the data from the domain the file is located in, so someone else cannot upload a form and stick action pointing at my file… this is what I have come up with:
if ($_SERVER['REQUEST_METHOD']=="POST"; && (!strpos($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'];)) die("Bad request.");
It all seems correct to me, it should work…
Can anyone shed any light ?
