php - How to prevent server side from receiving data from unintended source -

i have php service called additem.
service called when submit form on client side.

how can secure make sure item added when called intended form?
trying prevent submitting stuff through automated curl call example.

thank you,
tee

short answer can't. long form accessible, method use secure form can tackled in automated way. should never count on data sent user secure. however, there few things can make things more challenging wanting spoof form.

• add captcha filter out scripted submission, have greatest negative impact on regular users.
• employ form of csrf protection (which should have anyway). mean wanting submit data via form must request form first. if form accessible behind login wall, make things quite challenging.
• if require users have javascript, try using js when setting key csrf protection. means js must parsed or executed in order submit valid form.
• filter common user agents such curl , wget.
• check form sent via post , not get.
• add rate limiting on server throttle submissions reasonable level.
• check http referrer. faked, 1 more hoop jump through.

ultimately, if wants submit data form through other means, it's still possible. above steps can make more challenging, action can taken user can scripted, make sure have appropriate validation on server side.