PHP: Preventing Forged Data Submission from a URL

  • 2021-07-02 23:48:39
  • OfStack

To guard against forged data submitted through a URL, the first approach is the following code, which checks the referring page (the page the request came from):


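<?php
/* PHP method to reject data submitted from outside the site */
function CheckURL(){
  $servername=$_SERVER['SERVER_NAME'];
  // The Referer header is optional; a missing one is treated as an outside request
  $sub_from=isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : '';
  // parse_url() handles both http:// and https://, unlike a fixed offset of 7,
  // and compares the whole host name rather than only its first characters
  $checkfrom=parse_url($sub_from,PHP_URL_HOST);
  if(!is_string($checkfrom) || strcasecmp($checkfrom,$servername)!==0)
    die("Warning! You are submitting data from outside! Please terminate immediately!");
}
?>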

This method only blocks requests made by typing the URL directly into the browser's address bar.
In fact, as long as someone places a link to the URL on a page on the same server (for example, by adding a hyperlink when posting) and then clicks it, the check does not work at all.

At present, it is more reliable to transfer important data by POST.
You can insert hidden fields into a form to pass the data.
Or use the following method to submit data from the client to the server using Ajax.


/* Create the XHR object */
function createXHR()
{
  if (window.XMLHttpRequest){
    return new XMLHttpRequest();
  }
  else if (window.ActiveXObject){
    // Legacy Internet Explorer: try the newest MSXML version first
    var versions = ["MSXML2.XmlHttp.6.0","MSXML2.XmlHttp.3.0"];
    for (var i = 0; i < versions.length; i++){
      try {
        return new ActiveXObject(versions[i]);
      } catch (error) {}
    }
  }
  throw new Error("Your browser does not support AJAX!");
}
/* Use AJAX to POST data to a page; returns true if the server answered 200 */
function ajaxPost(url, query_string)
{
  var xhr = createXHR();
  // Third argument false = synchronous: send() blocks until the response arrives
  xhr.open('POST', url, false);
  // XHR always encodes a string body as UTF-8, so declare UTF-8 here
  xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
  // A default-parameter value would be a syntax error in the browsers that need ActiveXObject
  xhr.send(query_string || '');
  return xhr.status == 200;
}
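
The hidden form field mentioned above can carry a per-session random token that the server verifies on every POST, which a link or form placed on another page cannot supply. This is an added example, not code from the original article; the function names and the `form_token` field name are hypothetical, and plain arrays stand in for `$_SESSION` and `$_POST` so the script runs from the command line.

```php
<?php
// Added example: hidden-field token check. All names here are hypothetical.

// Return the token stored in the session, creating it on first use.
function form_token(array &$session): string {
    if (empty($session['form_token'])) {
        $session['form_token'] = bin2hex(random_bytes(32));
    }
    return $session['form_token'];
}

// Hidden field to place inside every <form method="post"> the site renders.
function token_field(array &$session): string {
    return '<input type="hidden" name="form_token" value="'
        . htmlspecialchars(form_token($session), ENT_QUOTES) . '">';
}

// True only for a POST whose token matches the one stored in the session.
function is_genuine_post(string $method, array $post, array $session): bool {
    if ($method !== 'POST') {
        return false;                       // a clicked link arrives as GET
    }
    $sent     = $post['form_token'] ?? '';
    $expected = $session['form_token'] ?? '';
    // hash_equals() compares in constant time; reject empty or non-string values
    return is_string($sent) && $expected !== '' && hash_equals($expected, $sent);
}

// Constructed demo data: arrays stand in for $_SESSION and $_POST.
$session = [];
echo token_field($session), "\n";

$genuine = ['form_token' => $session['form_token'], 'title' => 'hello'];
$forged  = ['title' => 'hello'];                    // built elsewhere: no token
$guessed = ['form_token' => str_repeat('0', 64)];   // wrong token

var_dump(is_genuine_post('POST', $genuine, $session)); // form rendered by the site
var_dump(is_genuine_post('POST', $forged,  $session)); // token missing
var_dump(is_genuine_post('POST', $guessed, $session)); // token does not match
var_dump(is_genuine_post('GET',  $genuine, $session)); // not a POST
```

In a real page, pass `$_SESSION` (after `session_start()`) and `$_POST` in place of the demo arrays, and send the same token in the `query_string` when submitting through `ajaxPost`.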

