Preventing CSRF (Cross Site Request Forgery)
CSRF (Cross Site Request Forgery) is a type of attack where a malicious command is executed through a POST or GET request. For example:
To prevent CSRF for a POST-based form, use inside tag, and in the method that receives the POST data, call valid_CSRF_Verification() to find out whether it's a fake request. For example:
if (valid_CSRF_Verification())
{
    // valid, go on and process the POST
} else {
    // invalid: stop before any POST data is processed
    die("Invalid CSRF verification");
}
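The page does not show how the verification works internally. The following added example (not the framework's own code) shows the common pattern behind a check like valid_CSRF_Verification(): a random per-session token is placed in a hidden form field and compared in constant time when the POST arrives. The function names, the csrf_token field name and the $session array standing in for $_SESSION are assumptions.

```php
<?php
// Added illustration. All names here are hypothetical, not the framework's API.

// Create a fresh token and remember it in the session store.
function csrf_issue_token(array &$session): string
{
    $session['csrf_token'] = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    return $session['csrf_token'];
}

// Hidden input to print inside the <form> so the token travels with the POST.
function csrf_hidden_field(array &$session): string
{
    $token = $session['csrf_token'] ?? csrf_issue_token($session);
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '">';
}

// True only when the POSTed token matches the one stored for this session.
function csrf_is_valid(array &$session, array $post): bool
{
    $expected = $session['csrf_token'] ?? null;
    $supplied = $post['csrf_token'] ?? null;
    // Reject missing values and non-strings (e.g. csrf_token[]=x arrives as an array).
    if (!is_string($expected) || $expected === '' || !is_string($supplied)) {
        return false;
    }
    if (!hash_equals($expected, $supplied)) { // constant-time comparison
        return false;
    }
    unset($session['csrf_token']); // single use: a replayed form is rejected
    return true;
}

// Constructed demo: $session stands in for $_SESSION, the arrays for $_POST.
$session = [];
echo csrf_hidden_field($session), PHP_EOL;
$token = $session['csrf_token'];

$requests = [
    'cross-site POST without token' => ['amount' => '100'],
    'cross-site POST with guess'    => ['csrf_token' => str_repeat('0', 64)],
    'array-valued token'            => ['csrf_token' => ['x']],
    'genuine form submission'       => ['csrf_token' => $token],
    'replay of the same form'       => ['csrf_token' => $token],
];
foreach ($requests as $label => $post) {
    echo $label, ': ', csrf_is_valid($session, $post) ? 'accepted' : 'rejected', PHP_EOL;
}
```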