php - safest way to process POST actions


This is the way I'm handling POST submit actions:

<form action="process.php" method="post">
  <!-- several form fields -->
  <input type="submit" name="ok" value="save" />
</form>

Then on the processing page I have this:

if (isset($_POST['ok']) && $_POST['ok'] == "save") {
    // process the action, and possibly save to the database
}

Now I'm fearing that a malicious person might do this (from a script on a website):

<form action="http://www.mysite.com/process.php" method="post">
  <!-- he can "view source" on my site, view the fields I'm having, and put them here -->
  <!-- then put the submit button -->
  <input type="submit" name="ok" value="save" />
</form>

Of course, I see myself in hot soup. What can I do, or what is the safest way of handling and processing POST submit actions?

There are 2 potential problems here.

Stopping Mallory making malicious requests to Bob's website

  1. Authenticate the user (with OAuth, a username and password, or whatever)
  2. Check that the authenticated user is authorised to do whatever the request is asking for before proceeding with it

Stopping Mallory tricking Alice into making a malicious request to Bob's website

This is a CSRF attack. Defend against it with a nonce.
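
One way to combine the two checks and the nonce from the answer above in process.php, as an added example that is not part of the original post. It assumes a login step elsewhere sets `$_SESSION['user_id']`; that key, the `csrf_token` field name and the `user_may_save()` and `deny()` helpers are hypothetical names.

```php
<?php
// Added example, not the poster's code. Hypothetical names: the 'user_id'
// session key, the 'csrf_token' field, user_may_save() and deny().
declare(strict_types=1);
session_start();

function csrf_token(): string
{
    // One unpredictable token per session, created on first use.
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrf_token_is_valid($submitted): bool
{
    // Reject missing or non-string input (e.g. csrf_token[]=x), then compare
    // in constant time against the copy held server-side in the session.
    return is_string($submitted)
        && !empty($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

function user_may_save(int $userId): bool
{
    return $userId > 0; // placeholder: substitute the application's own rules
}

function deny(int $status, string $message): void
{
    http_response_code($status);
    exit($message);
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (!isset($_SESSION['user_id'])) deny(401, 'Not logged in');                 // 1. authenticate
    if (!user_may_save((int) $_SESSION['user_id'])) deny(403, 'Not allowed');     // 2. authorise
    if (!csrf_token_is_valid($_POST['csrf_token'] ?? null)) deny(403, 'Bad token'); // CSRF nonce
    if (($_POST['ok'] ?? '') === 'save') {
        // process the action, and possibly save to the database
    }
    exit('Saved');
}
?>
<form action="process.php" method="post">
  <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>" />
  <input type="submit" name="ok" value="save" />
</form>
```

A copy of the form hosted on another site cannot read the token stored in Alice's session, so a request submitted from it reaches the third check without a matching `csrf_token` and is rejected.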

