I have a ton of data collection forms on my website, and I wrote a PHP script to handle all the data. All the forms have that one script as their action, and POST as the method. The handler emails a copy of the data to me, and I'd like for the emails I get to contain the URL of the form where they originated. Is there any way in PHP to get the url of the form which was submitted to the script? Or do I have to add an extra hidden field in every form with its URL?
+3
A:
Send the following variable in the email as well:
$_SERVER['HTTP_REFERER']
zaf
2010-05-12 14:24:46
Which, I'm surprised no one here has harped on you about, is not always available.
gms8994
2010-05-12 14:27:45
While this would work most of the time, this is not a foolproof method, as browsers can send anything they want as the referrer.
R. Bemrose
2010-05-12 14:28:17
I'd also suggest using this before sending the email to make sure the data is coming from your domain, so you're not emailing garbage data somebody sent to your server from an outside website. You can use `$_SERVER['HTTP_HOST']` to get the current host name.
Slokun
2010-05-12 14:30:19
I've already got it secured by requiring a GET parameter "key" which has to match an encrypted password I use in order for the email to be sent. But this would make that unnecessary, thx
Mike Turley
2010-05-12 15:39:09
@Siokun will HTTP_HOST get the origin URL, or just the host name of the server where my PHP runs? Because I'm running all my PHP locally on my home server, while hosting the website on a paid service (just for development purposes, I'll migrate it to the server when I'm done debugging it)
Mike Turley
2010-05-12 15:41:42
+2
A:
If you want to ensure that posts only arrive from your own form, you could put a one-time token on the form in a hidden field to validate.
Sohnee
2010-05-12 14:40:38