I've got a submission form, with 9 fields, 6 of which require validation, including an upload field with file size and file type validation.
Generating a random token, to prevent CSRF is working, but what is the correct way to validate when using a token?
If I do the validation within the same file, the token is regenerated with the validation reload. (Can this be prevented? I've tried isset()
but it still regenerates.) However, using the same file prevents the user's Name and Email from being stored in a session.
Is it best to do the validation within a separate file, which then redirects back to the form with basic variables in the URL for each error, i.e. http://www.example.com/form?n=1
Using a separate file would also mean storing the form data within session, so the form can be repopulated if errors exist on the redirect.
Any help gratefully received.
From experience, CodeIgniter does a great CSRF implementation, among other security measures. I would suggest that you go over their code to gain a good understanding of the whole process. Also see this.
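As an added example that is not code from the question or the answer above, here is one way to do the validation in the same file as the form, which is the setup the question describes: the token is created only when the session has none (so a re-render after a failed validation reuses it instead of regenerating it), it is compared with hash_equals, and the submitted Name and Email are kept for repopulating the form and written to the session on success. The field names, the /thanks redirect target and the session keys are assumptions for the example.

```php
<?php
// Added example: single-file form with a per-session CSRF token,
// constant-time token check, and repopulation of fields after errors.
session_start();
// Create the token once per session. Re-rendering the page after a
// validation failure reuses it, so the hidden field stays valid.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
$errors = [];
$old = ['name' => '', 'email' => ''];   // values to repopulate the form with
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $submitted = $_POST['csrf_token'] ?? '';
    // Check the token before any other field; hash_equals avoids timing leaks.
    if (!hash_equals($_SESSION['csrf_token'], $submitted)) {
        http_response_code(403);
        exit('Invalid form token. Reload the form and try again.');
    }
    $old['name']  = trim($_POST['name'] ?? '');
    $old['email'] = trim($_POST['email'] ?? '');
    if ($old['name'] === '') {
        $errors['name'] = 'Name is required.';
    }
    if (filter_var($old['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'A valid email address is required.';
    }
    if (!$errors) {
        // Success: keep Name and Email in the session for later pages, rotate
        // the token so this submission cannot be replayed, then redirect
        // (POST/redirect/GET) so a browser refresh does not resubmit.
        $_SESSION['user'] = ['name' => $old['name'], 'email' => $old['email']];
        unset($_SESSION['csrf_token']);
        header('Location: /thanks', true, 303);   // assumed success page
        exit;
    }
}
// Re-rendered on GET and on validation failure; the token is unchanged.
?>
<form method="post" enctype="multipart/form-data">
  <input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES, 'UTF-8') ?>">
  <input name="name" value="<?= htmlspecialchars($old['name'], ENT_QUOTES, 'UTF-8') ?>">
  <?php if (isset($errors['name'])): ?><span><?= $errors['name'] ?></span><?php endif; ?>
  <input name="email" value="<?= htmlspecialchars($old['email'], ENT_QUOTES, 'UTF-8') ?>">
  <?php if (isset($errors['email'])): ?><span><?= $errors['email'] ?></span><?php endif; ?>
  <button type="submit">Send</button>
</form>
```

The same pattern works if validation lives in a separate file: that file reads the token from $_SESSION, and only the redirect-with-session-data step changes.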