Form post security. Making sure it did not come from an outside source

I have a simple form and want to verify that the posted value came directly from that form and not from an outside source.

 <form action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="POST">
    <input type="text" name="post" id="post" />
    <input type="submit" name="submit" id="submit" />
 </form>    

Do I need to store something in the session? A simple example would be extremely helpful. Thanks.


When creating the form, you could use:

<?php
    session_start(); // must be called before any output (place it first, or use ob_start())
    // Unpredictable per-session token from the CSPRNG; a hash of the current
    // time plus a fixed string can be guessed by anyone who knows the string.
    $_SESSION['formhash'] = bin2hex(random_bytes(32));
?>
<form action="<?php echo htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8'); ?>" method="POST">
<input type="text" name="post" id="post" />
<input type="hidden" name="hash" id="hash" value="<?php echo $_SESSION['formhash']; ?>" />
<input type="submit" name="submit" id="submit" />
</form>

You need to check when somebody is posting that the post request has the correct hash. You could use:

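<?php
    session_start(); // must be called before any output (place it first, or use ob_start())
    // is_string() rejects hash[]=... style input; hash_equals() compares in constant time
    if (isset($_SESSION['formhash'], $_POST['hash']) && is_string($_POST['hash'])
        && hash_equals($_SESSION['formhash'], $_POST['hash'])) {
        // token matches: process $_POST
    }
?>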
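
The session-token check from the answer above, extended to single-use tokens with an expiry, as an added example that is not part of the original answer. The names csrf_issue(), csrf_verify() and CSRF_MAX_AGE are hypothetical, and a plain array stands in for $_SESSION so the script runs from the command line.

```php
<?php
// Added example, not code from the answer above. csrf_issue(), csrf_verify()
// and CSRF_MAX_AGE are hypothetical names; $session stands in for $_SESSION.

const CSRF_KEY = 'formhash';   // session key used in the answer
const CSRF_MAX_AGE = 1800;     // assumed token lifetime in seconds

function csrf_issue(array &$session, ?int $now = null): string
{
    $token = bin2hex(random_bytes(32));   // 256 bits from the CSPRNG
    $session[CSRF_KEY] = ['value' => $token, 'issued' => $now ?? time()];
    return $token;
}

function csrf_verify(array &$session, $submitted, ?int $now = null): bool
{
    $stored = $session[CSRF_KEY] ?? null;
    unset($session[CSRF_KEY]);            // single use: a replayed POST fails
    if (!is_array($stored) || !isset($stored['value'], $stored['issued'])) {
        return false;                     // no form was rendered for this session
    }
    if (!is_string($submitted)) {
        return false;                     // field missing, or sent as hash[]=...
    }
    if (($now ?? time()) - $stored['issued'] > CSRF_MAX_AGE) {
        return false;                     // form was left open too long
    }
    return hash_equals($stored['value'], $submitted);   // constant-time compare
}

function show(string $label, bool $accepted): void
{
    printf("%-26s %s\n", $label, $accepted ? 'accepted' : 'rejected');
}

// Constructed requests, one per outcome (timestamps are made up).
$session = [];
$t = csrf_issue($session, 1000);
show('genuine submit', csrf_verify($session, $t, 1010));
show('replay of same token', csrf_verify($session, $t, 1011));
$t = csrf_issue($session, 2000);
show('guessed value', csrf_verify($session, str_repeat('0', 64), 2001));
$t = csrf_issue($session, 3000);
show('array instead of string', csrf_verify($session, [$t], 3001));
$t = csrf_issue($session, 4000);
show('expired form', csrf_verify($session, $t, 4000 + CSRF_MAX_AGE + 1));
```

Because the token is consumed on every verification attempt, the form has to be re-rendered with a fresh csrf_issue() call after a rejected submit.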