PHP helps you build big applications quickly, and it is often easy to neglect security along the way. It's easy to believe that a security breach could not happen to your software. But what if it does happen? For this reason, security should be taken into consideration from the beginning.
Checking the method that was used to invoke your script is also a good security practice. This will help to harden your applications against unwanted breaches. If you are expecting to use POST methods for your application, then don't allow your script to be invoked with a GET method. For example:
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        // your code goes here
    } else {
        // any other method (GET, HEAD, ...) is refused
        echo " Hacking Attempt ";
        exit;
    }
Another thing you can do is check where the script is being invoked from. The server variable $_SERVER['HTTP_REFERER'] ($HTTP_SERVER_VARS['HTTP_REFERER'] in old PHP versions) contains the previous web page location. This can be very helpful in blocking security problems if you know your target audience. That being said, there are a couple of caveats. A hacker experienced in security intrusions may be able to spoof this value to make it seem as if they came from the proper location. Also, personal firewalls such as Norton Personal Firewall or Zone Alarm block the referrer value by default. In that case, the client browser doesn't return any value for $_SERVER['HTTP_REFERER']. So while this can be a great tool to secure your scripts, it can also be virtually useless.
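The two checks above can be combined so that a missing referrer is handled separately from a wrong one. This is an added example, not code from the original article; ALLOWED_HOST, check_request() and the sample requests are assumptions made for illustration.

```php
<?php
// Added example: classify a request by its method and its Referer header.
// ALLOWED_HOST is a placeholder (assumption); set it to your own site's host.
const ALLOWED_HOST = 'www.example.com';

/**
 * $server has the same shape as $_SERVER.
 * Returns 'reject-method', 'reject-referer', 'no-referer' or 'ok'.
 */
function check_request(array $server): string
{
    // Only POST is expected; every other method is refused outright.
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return 'reject-method';
    }

    // The header is absent when a personal firewall or the browser strips it,
    // so a missing value proves nothing in either direction.
    $referer = $server['HTTP_REFERER'] ?? '';
    if ($referer === '') {
        return 'no-referer';
    }

    // Compare the parsed host exactly rather than searching the string,
    // so a look-alike host that merely contains the name is not accepted.
    $host = parse_url($referer, PHP_URL_HOST);
    if (!is_string($host) || strcasecmp($host, ALLOWED_HOST) !== 0) {
        return 'reject-referer';
    }

    // The value is supplied by the client, so 'ok' is a hint, not proof.
    return 'ok';
}

// Constructed sample requests (not real traffic).
$samples = [
    ['REQUEST_METHOD' => 'GET'],
    ['REQUEST_METHOD' => 'POST'],
    ['REQUEST_METHOD' => 'POST', 'HTTP_REFERER' => 'http://www.example.com/form.php'],
    ['REQUEST_METHOD' => 'POST', 'HTTP_REFERER' => 'http://www.example.com.other.invalid/form.php'],
];
foreach ($samples as $sample) {
    echo json_encode($sample), ' => ', check_request($sample), PHP_EOL;
}
```

In a real script, call check_request($_SERVER) before any processing and decide per result: refusing 'no-referer' will lock out visitors whose firewall strips the header.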