Home > Backend Development > PHP Tutorial > 关于非常提交的问题,请各位看看

关于非常提交的问题,请各位看看

WBOY
Release: 2016-06-23 14:14:12
Original
748 people have browsed it

如下代码:

<form name="form1" method="post" action="ok.php"><input type="text" name="phone" class="phone" /><input type="submit" name="okbtn" class="btn" value="" /><input type="hidden" name="save" value="1" /></form>
Copy after login

当点击提交按钮的时候,我判断save==1就说明是正常提交可通过,但是如果直接用"ok.php?save=1"也能通过,请问如何才能不让人直接用"ok.php?save=1"来提交????


回复讨论(解决方案)

不要赋初值1

你用$_POST['save'] 来检测就是了,不过还是有漏洞,可以curl模拟提交。

不要赋初值1
仍然可以提交

1\你是 用 $_REQUEST['save']  这个来接收的?
  这个可以接收 get/post方式的提交,
  用$_POST['save']接收,可以过滤掉在地址栏输入 ok.php?save=1

2\ 改成默认为0;



但是只要在浏览器中能进行和获取的数据,都可以模拟,

source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template