Added position saving to yesterday’s Prototype example: you can see it here. When you move the box around it will save the position where you drop it, then when you reload the page it’ll start out in that position. Pretty nifty, eh?
I asked John whether there was a way to check that a POST was coming from my site and he said yeah, with $_SERVER['HTTP_REFERER']. At first this seemed like it would solve the problem, but I realized that you can use FireBug to modify the source code on any page. That means that someone can visit any page on this site, edit the HTML to POST to the PHP file, and it would treat it the same as code I had written.
I think the best solution is to validate the data before inputting it into the database. That way if someone does try to set the position to 1000000px, 1000000px it won’t cause any problems.
Two more helpful sites:
On an unrelated note, I added a “Recommended Books” section to the sidebar, which is something I wish other tech writers did more often.
Yep, you are right about being able to modify the post variables. Anytime you have POST data, you need to verify it before storing it. Generally in a “Drag N’ Drop” situation you’re going to have some kind of boundaries, so that would be a simple check.
Either way, if you want preventative measures, there are generally lots of ways to do it.
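As an added example covering both the post's point (a Referer check cannot tell a crafted POST from one the page sent, so the data itself has to be checked before it reaches the database) and the comment's suggestion (a drag-and-drop area has boundaries, so a range check is enough), here is a small PHP handler. It is not code from the original post, the comment, or the Prototype example; the field names `x` and `y`, the 2000 x 2000 pixel boundary, the `box_position` table and the in-memory SQLite database are all assumptions made for the demonstration.

```php
<?php
// Added example (not code from the original post or its comments). It shows
// the server-side check the post and the comment describe: accept the dropped
// box's position from POST, verify it lies inside fixed boundaries, and only
// then write it to the database with a prepared statement.
//
// Assumptions (none of these names come from the original page):
//   - the drag-and-drop client POSTs two fields, "x" and "y", in pixels;
//   - the page area is at most 2000 x 2000 pixels (BOX_MAX_X / BOX_MAX_Y);
//   - positions are stored in a table called box_position.

declare(strict_types=1);

const BOX_MIN   = 0;
const BOX_MAX_X = 2000;
const BOX_MAX_Y = 2000;

/**
 * Validate a submitted coordinate pair. Returns ['x' => int, 'y' => int] when
 * both values are integers inside the allowed range, or null otherwise.
 *
 * The Referer header is deliberately not consulted: as the post points out, a
 * request can be crafted from any page, so the server can only rely on
 * checking the data it actually received.
 */
function validate_position(array $input): ?array
{
    $coords = [];
    foreach (['x' => BOX_MAX_X, 'y' => BOX_MAX_Y] as $key => $max) {
        // Missing fields and array-valued fields (x[]=1) are rejected outright.
        if (!isset($input[$key]) || !is_string($input[$key])) {
            return null;
        }
        // FILTER_VALIDATE_INT rejects "120px", "1e3", " 5" and other
        // non-integer strings; the range options reject anything outside
        // the box area, e.g. the 1000000px case from the post.
        $value = filter_var($input[$key], FILTER_VALIDATE_INT, [
            'options' => ['min_range' => BOX_MIN, 'max_range' => $max],
        ]);
        if ($value === false) {
            return null;
        }
        $coords[$key] = $value;
    }
    return $coords;
}

/**
 * Store an already validated position. The statement is parameterised, so
 * the values never become part of the SQL text.
 */
function save_position(PDO $db, array $coords): void
{
    $stmt = $db->prepare('INSERT INTO box_position (x, y) VALUES (:x, :y)');
    $stmt->execute([':x' => $coords['x'], ':y' => $coords['y']]);
}

// --- Demonstration with constructed input; an in-memory SQLite database
// stands in for the real one so the script runs offline. ----------------
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE box_position (id INTEGER PRIMARY KEY, x INTEGER, y INTEGER)');

// Constructed sample POST bodies, as the handler would see them in $_POST.
$samples = [
    'normal drop'          => ['x' => '120', 'y' => '340'],
    'huge value from post' => ['x' => '1000000', 'y' => '1000000'],
    'units in the string'  => ['x' => '120px', 'y' => '340px'],
    'negative and missing' => ['x' => '-5'],
];

foreach ($samples as $label => $post) {
    $coords = validate_position($post);
    if ($coords === null) {
        echo "$label: rejected\n";
        continue;
    }
    save_position($db, $coords);
    echo "$label: stored ({$coords['x']}, {$coords['y']})\n";
}

echo 'rows stored: ' . $db->query('SELECT COUNT(*) FROM box_position')->fetchColumn() . "\n";
```

In the real endpoint the handler would call `validate_position($_POST)` and respond with an error status when it returns null; only the first sample above passes, so a single row ends up in the table. Keeping the boundary constants on the server, rather than trusting whatever the client reports as the page size, is what makes the check meaningful when the page has been edited in the browser.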