I made 2 security checks in php to verify the integrity of a html form post data:
1) I pass a md5 random token in a hidden field in page1 and I check it in the processor page
2) since I am dealing only with product ids (that are numeric), in the processor page I check the whole array key by key with the function is_numeric
Do you think that this could prevent attacks to my form or there is something more that I could do?
as long as you have a salted hash that you can verify on both ends thats unique along with SSL its probably as safe as you can get. This is the exact method CodeIgniter uses for security.
In most cases I use this simple construction. On front-end side:
<script type='text/javascript'>
function rrtyMui() {
document.getElementById('TellFriendFHash').value = "<?= md5(date("Y-m-d H:i:s")) ?>";
return true;
}
</script>
<form method="post" action="/some-action/" name="rform" onsubmit="rrtyMui(); return validateRForm(this);">
<input type="hidden" id="TellFriendFHash" name="TellFriendFHash" value="">
....
</form>
On server-side I verify _POST("TellFriendFHash"). If it value is empty, then you deal with some script (robot). In 80% cases it working wery well. In other 20% cases I use something like Captcha.