PHP Method for Preventing Forged Data Submitted from the Address Bar URL

  • 2021-07-16 02:05:58
  • OfStack

To guard against forged data submitted through a URL, the first approach is the following code, which checks the page the request came from (the Referer header):


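<?php
/* PHP method to prevent data submission from outside the site */
function CheckURL(){
    $servername = $_SERVER['SERVER_NAME'];
    // The Referer header is absent when the URL is typed into the address bar
    $sub_from = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    // Compare the host part of the Referer, whatever the scheme (http or https)
    $checkfrom = parse_url($sub_from, PHP_URL_HOST);
    if ($checkfrom != $servername) die("Warning! You are submitting data from outside! Please terminate immediately!");
}
?>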

This method only stops URLs that are typed manually into the browser address bar.

In fact, as long as a hyperlink to the URL is placed on the server itself (www.ofstack.com), for example by adding a hyperlink when posting, and is then clicked, the check does not work at all.
At present, it is more reliable to transfer important data by POST.
You can insert a hidden field into the form to pass the data.
Or use the following method to submit data from the client to the server using Ajax.


/* Create the XHR object */
function createXHR()
{
    if (window.XMLHttpRequest){
        var oHttp = new XMLHttpRequest();
        return oHttp;
    }
    else if (window.ActiveXObject){
        // Fallback for old Internet Explorer versions
        var versions = ["MSXML2.XmlHttp.6.0","MSXML2.XmlHttp.3.0"];
        for (var i = 0; i < versions.length; i++){
            try {
                var oHttp = new ActiveXObject(versions[i]);
                return oHttp;
            } catch (error) {}
        }
    }
    throw new Error("Your browser does not support AJAX!");
}
/* Use AJAX to send data to a page by POST */
function ajaxPost(url,query_string='')
{
    var xhr;
    xhr = createXHR();
    // Third argument false: the request is synchronous
    xhr.open('POST',url,false);
    xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=gb2312");
    xhr.onreadystatechange = function(){if (xhr.readyState == 4)if (xhr.status != 200)return;}
    xhr.send(query_string);
}
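
The hidden form field mentioned above can carry a per-session random token, so the server can tell a POST from a form it rendered apart from a request built elsewhere. This is an added example, not code from the original article; it goes beyond the article's Referer check, and the function names and the form_token field name are assumptions.

```php
<?php
// Added example: issue_form_token, check_form_token, hidden_token_field and
// the 'form_token' key are illustrative names, not from the original article.

/* Create (or reuse) a random per-session token to embed in the form. */
function issue_form_token(array &$session): string
{
    if (empty($session['form_token'])) {
        $session['form_token'] = bin2hex(random_bytes(32));
    }
    return $session['form_token'];
}

/* Render the hidden field that carries the token inside the form. */
function hidden_token_field(array &$session): string
{
    $token = htmlspecialchars(issue_form_token($session), ENT_QUOTES);
    return '<input type="hidden" name="form_token" value="' . $token . '">';
}

/* Accept a submission only if it is a POST carrying the session's token. */
function check_form_token(array $session, string $method, array $post): bool
{
    if ($method !== 'POST') {
        return false;                 // address-bar and hyperlink requests are GET
    }
    $expected = $session['form_token'] ?? '';
    $supplied = $post['form_token'] ?? '';
    if ($expected === '' || !is_string($supplied)) {
        return false;                 // no token issued, or field sent as an array
    }
    return hash_equals($expected, $supplied);   // constant-time comparison
}

// Constructed demo. In a real page, call session_start() and pass $_SESSION,
// $_SERVER['REQUEST_METHOD'] and $_POST instead of these sample arrays.
$session = [];
echo hidden_token_field($session), "\n";
$good = ['form_token' => $session['form_token'], 'title' => 'hello'];
var_dump(check_form_token($session, 'POST', $good));                  // form rendered by this server
var_dump(check_form_token($session, 'GET', $good));                   // link or address bar
var_dump(check_form_token($session, 'POST', ['title' => 'hello']));   // token missing
var_dump(check_form_token($session, 'POST', ['form_token' => 'x']));  // token wrong
```

When the data is sent with ajaxPost instead of a form, the same token can be appended to query_string as the form_token parameter.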
