Cross-Site Request Forgeries
PHP Security
2025-03-18
34
CSRF Defense.
•
Use
POST
rather than
GET
in forms.
•
Use
$_POST
rather than rely on
register_globals
(or
$_REQUEST
).
•
Do not focus on convenience.
•
Force the use of your own forms.