Secure an API request form?

OK, I have the following PHP:

    <?php
    //function to return nice url's for our pdf's
    function seoUrl($string) {
        //Lower case everything
        $string = strtolower($string);
        //Make alphanumeric (removes all other characters)
        $string = preg_replace("/[^a-z0-9_\s-]/", "", $string);
        //Clean up multiple dashes or whitespaces
        $string = preg_replace("/[\s-]+/", " ", $string);
        //Convert whitespaces and underscore to dash
        $string = preg_replace("/[\s_]/", "-", $string);
        return $string;
    }
    //Set up our POST variables
    $name = $_POST['name'];
    $address1 = $_POST['address1'];
    $address2 = $_POST['address2'];
    $zipcode = str_replace(' ', '', $_POST['zipcode']);
    //Store your XML Request in a variable
    $input_xml = urlencode('<ExternalReturnLabelRequest>
                            <CustomerName>'.$name.'</CustomerName>
                            <CustomerAddress1>'.$address1.'</CustomerAddress1>
                            <CustomerAddress2>'.$address2.'</CustomerAddress2>
                            <CustomerCity>Washington</CustomerCity>
                            <CustomerState>DC</CustomerState>
                            <CustomerZipCode>'.$zipcode.'</CustomerZipCode>
                            <LabelFormat>NOI</LabelFormat>
                            <LabelDefinition>Zebra-4X6</LabelDefinition>
                            <ServiceTypeCode>020</ServiceTypeCode>
                            <AddressOverrideNotification>false</AddressOverrideNotification>
                            <CallCenterOrSelfService>Customer</CallCenterOrSelfService>
                            <AddressValidation>false</AddressValidation>
                            </ExternalReturnLabelRequest>');
    //start Curl tried file_get_contents but to no avail..
    $curl_handle = curl_init();
    curl_setopt($curl_handle, CURLOPT_URL, "https://returns.usps.com/Services/ExternalCreateReturnLabel.svc/ExternalCreateReturnLabel?externalReturnLabelRequest=".$input_xml);
    curl_setopt($curl_handle, CURLOPT_CONNECTTIMEOUT, 2);
    curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, 1);
    $query = curl_exec($curl_handle);
    curl_close($curl_handle);
    //decode the response this will fail if nothing returned
    $pdfdecode = base64_decode($query);
    if($pdfdecode != false){
        $urlfriendlyname = seoUrl($name);
        $myFile = "labels/labelfor".$urlfriendlyname.$zipcode.".pdf";
        $fh = fopen($myFile, 'w') or die("can't open file");
        fwrite($fh, $pdfdecode);
        fclose($fh);

        header("Location: http://thedarkroom.com/wp-content/themes/thedarkroom2012/".$myFile);
        exit();
        /*
        MID 201198
        */
    }else{
        header("Location: http://thedarkroom.com/label/?labelerror=".$query);
        exit();
    }
    echo "<pre>";
    var_dump($pdfdecode);
    var_dump($query);
    echo "</pre>";

and this HTML:

    <form method="POST" action="<?php echo get_template_directory_uri(); ?>/get_labels.php" >
        <fieldset id="labelfields">
            <label for="name">Name</label><br>
            <input name="name" type="text" placeholder="Name"/> <br>
            <label for="address1">Address Line one</label>
            <input name="address1" type="text" placeholder="Address line one"/><br>
            <label for="address2">Address Line two</label>
            <input name="address2" type="text" placeholder="Address line two"/><br>
            <label for="zipcode">Zip code</label>
            <input name="zipcode" type="text"  placeholder="Zip Code"/><br>
            <label for="CustomerState">State</label>
            <input name="CustomerState" type="text"  placeholder="State"/><br>
            <label for="CustomerCity">City</label>
            <input name="CustomerCity" type="text"  placeholder="City"/><br>
            <input type="submit" value="Create Label" />
        </fieldset>
    </form>

What are the best practices for securing this? I went with strip tags.

All data that reaches the server must be checked and sanitized. Always. No exceptions.

Escape potentially dangerous characters. The specific characters you need to be careful with depend on the context in which the data is used and on the server platform you use, but every server-side language has this functionality.

Limit the amount of incoming data; only allow what is necessary.

Sandbox uploaded files (store them on a different server, and only allow access to the files through a different subdomain, or better still through a completely different domain name).

On preventing cross-site request forgery, see this article: http://shiflett.org/articles/cross-site-request-forgeries
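Applying the answer's points to the handler in the question, as an added example (this is not code from either poster). The USPS endpoint and the XML fields come from the question; everything else is assumed: PHP 8, a hidden form field named `csrf_token` filled from `issueCsrfToken()` on the form page, a `private-labels` directory outside the web root that a separate host (`labels.example.invalid`) publishes, and fixed error codes in the redirect instead of the raw upstream response.

```php
<?php
// Added example: a hardened rewrite of the posted get_labels.php following the
// answer's points; not the original poster's code. Assumes PHP 8.
declare(strict_types=1);
session_start();

// For the page that renders the form: put the value in <input type="hidden" name="csrf_token"> (assumed field name).
function issueCsrfToken(): string
{
    return $_SESSION['csrf_token'] ??= bin2hex(random_bytes(32));
}

// CSRF check: constant-time comparison of the submitted token with the session copy.
function csrfTokenIsValid(array $post, array $session): bool
{
    return isset($post['csrf_token'], $session['csrf_token']) && is_string($post['csrf_token'])
        && hash_equals($session['csrf_token'], $post['csrf_token']);
}

// Allow-list validation (type, trimmed length cap, per-field pattern); returns the clean value,
// '' for an absent optional field, or null to reject.
function validateField(mixed $value, string $pattern, int $maxLen, bool $required = true): ?string
{
    $value = is_string($value) ? trim($value) : '';
    if ($value === '') {
        return $required ? null : '';
    }
    return (strlen($value) <= $maxLen && preg_match($pattern, $value)) ? $value : null;
}

// Validate every posted field; one bad field rejects the whole request.
function validateRequest(array $post): ?array
{
    $zip = is_string($post['zipcode'] ?? null) ? str_replace(' ', '', $post['zipcode']) : null;
    $clean = [
        'name'     => validateField($post['name'] ?? null, "/^[A-Za-z0-9 .,'-]+$/", 60),
        'address1' => validateField($post['address1'] ?? null, "/^[A-Za-z0-9 .,#'-]+$/", 60),
        'address2' => validateField($post['address2'] ?? null, "/^[A-Za-z0-9 .,#'-]+$/", 60, false),
        'zipcode'  => validateField($zip, '/^\d{5}(-\d{4})?$/', 10),
    ];
    return in_array(null, $clean, true) ? null : $clean;
}

// Build the request with DOMDocument so user text is escaped for the XML context;
// createTextNode (not createElement's second argument) is what escapes & < > reliably.
function buildRequestXml(array $clean): string
{
    $doc  = new DOMDocument('1.0', 'UTF-8');
    $root = $doc->appendChild($doc->createElement('ExternalReturnLabelRequest'));
    $fields = [
        'CustomerName' => $clean['name'], 'CustomerAddress1' => $clean['address1'],
        'CustomerAddress2' => $clean['address2'], 'CustomerCity' => 'Washington',
        'CustomerState' => 'DC', 'CustomerZipCode' => $clean['zipcode'],
        'LabelFormat' => 'NOI', 'LabelDefinition' => 'Zebra-4X6', 'ServiceTypeCode' => '020',
        'AddressOverrideNotification' => 'false', 'CallCenterOrSelfService' => 'Customer',
        'AddressValidation' => 'false',
    ];
    foreach ($fields as $tag => $text) {
        $root->appendChild($doc->createElement($tag))->appendChild($doc->createTextNode($text));
    }
    return $doc->saveXML($root);
}

// Store the PDF under a server-generated name so user input never reaches the path.
function storeLabel(string $pdf, string $dir): string
{
    $fileName = bin2hex(random_bytes(16)) . '.pdf';
    if (file_put_contents(rtrim($dir, '/') . '/' . $fileName, $pdf, LOCK_EX) === false) {
        throw new RuntimeException('could not store label');
    }
    return $fileName;
}

// ---- request handling ----
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !csrfTokenIsValid($_POST, $_SESSION)) {
    http_response_code(400);
    exit('invalid request');
}
$clean = validateRequest($_POST);
if ($clean === null) {
    header('Location: /label/?labelerror=invalid'); // fixed code, not user or upstream data
    exit;
}
$ch = curl_init('https://returns.usps.com/Services/ExternalCreateReturnLabel.svc/ExternalCreateReturnLabel'
    . '?externalReturnLabelRequest=' . urlencode(buildRequestXml($clean)));
curl_setopt_array($ch, [CURLOPT_RETURNTRANSFER => true, CURLOPT_CONNECTTIMEOUT => 5,
                        CURLOPT_TIMEOUT => 20, CURLOPT_SSL_VERIFYPEER => true]);
$response = curl_exec($ch);
curl_close($ch);
// Strict base64 decoding plus a PDF magic check; the raw upstream reply goes to the server log only.
$pdf = is_string($response) ? base64_decode($response, true) : false;
if ($pdf === false || strncmp($pdf, '%PDF-', 5) !== 0) {
    error_log('label request failed: ' . substr((string) $response, 0, 200));
    header('Location: /label/?labelerror=upstream');
    exit;
}
// Assumed layout: the directory is outside the web root and published by a separate host,
// so labels are never served from the application's own origin.
$fileName = storeLabel($pdf, __DIR__ . '/../private-labels');
header('Location: https://labels.example.invalid/' . $fileName);
exit;
```

The key change from the posted handler is that no user-supplied string reaches the XML body, the file system path or a redirect URL unchanged: each field is checked against an allow-list and a length cap, the XML is built through DOM text nodes so the escaping matches the context, the file name is generated server-side, and the error redirect carries a fixed code while the upstream response is only logged.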