How to protect processing files

So I've a php form processing file; say a file name process.php with the codes as

<?php
    $value = $_POST['string']; //Assume string is safe for database insertion
    $result = mysql_query("INSERT into table values {$value}");
    if($result) {
        return true;
    } else {
        return false;
    }
?>

Ideally, only someone who's logged in to my website shall be allowed to send that POST request to perform that insertion. But here, anyone who kno开发者_JAVA技巧w this processing file's path and the request being sent can send any spoof POST request from any domain (if I'm not wrong). This will lead to insertion of unwanted data into the database.

One thing I did is, before the insertion, I checked whether a user is logged in or not. If not, I ignore the POST request. But how exactly should I secure my processing files from exploits?

As it stands this is vulnerable to SQL Injection. Make sure you use a parametrized query library like PDO for inserting the file and the mysql "blob" or "long blob" type. You should never use mysql_query().

You should also keep track of the user's id for user access control. It doesn't look like you have taken this into consideration.