PHP 防止外部提交表单|禁止跨站提交

$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : NULL;
$host = $_SERVER['HTTP_HOST'];
echo '提交过来的地址：'.$referer;
echo &#39;<br>&#39;;
echo &#39;本站域名：&#39;.$host;
echo &#39;<br>&#39;;
echo substr($referer,7,strlen($host));
if(substr($referer,7,strlen($host)) != $host){
 echo &#39;非法操作&#39;;
}else{
 echo &#39;正常操作&#39;;
}