Tuesday, June 24, 2008

Prevent form post request from another domain in PHP

HTTP POST request from outside domain is one of the way of attacking your website. A intruder can use JavaScript in other domain or localhost to send the repetitive POST request to your web page containing PHP script. We must prevent this kind of cross domain form posting which might be harmful of our website.

Example of form post a spam

Let’s suppose that, we have a contact form in our website and we’re posting the detail of the form to “contact.php” file. A intruder can use JavaScript in another domain and can send the repetitive post request by placing “http://our-site/contact.php” in the action field of their code and spam our website.

How to check the form being posted from another domain

We can use HTTP_REFERRER server variables to prevent the cross domain form post request. You can look at the example code in PHP below to check the POST request is from the same domain or different domain.

//if example.com is there in HTTP_REFERRER variable
if(strpos($_SERVER['HTTP_REFERER'],’example.com’))
{
//only process operation here
}

HTTP_REFERRER variable is used here to check where the post request came from. Then, along with strpos() function of PHP, we can check weather the HTTP_REFERRER variable contains our domain as a referrer website or not. If the post request is from our domain then only we can execute the remaining code of our page.

Articles for optimizing MySQL queries

Optimization is a complex task because ultimately it requires understanding of the entire system to be optimized. Although it may be possible to perform some local optimizations with little knowledge of your system or application, the mo

Optimization is a complex task because ultimately it requires understanding of the entire system to be optimized. Although it may be possible to perform some local optimizations with little knowledge of your system or application, the more optimal you want your system to become, the more you must know about it.

The following 10 articles explain and give some examples of different ways to optimize MySQL:

  1. Identifying slow MySQL queries
  2. MySQL & PHP Performance Optimization Tips
  3. MySQL Presentations: Optimizing MySQL
  4. MySQL 5 Optimization and Tuning Guide
  5. Survive heavy traffic with your Web server
  6. Tools to use for MySQL Performance - Peter Zaitsev
  7. MySQL Queries Optimization (video) - Peter Zaitsev
  8. Table Design and MySQL Index Details
  9. MySQL Reference Manual: Optimization Overview
  10. MySQL Reference Manual: The MySQL Query Cache