PHP method to prevent remote form submission outside the site, PHP form submission

PHP method to prevent remote form submission outside the site, PHP form submission_PHP tutorial

WBOY

Release： 2016-07-13 10:16:36

Original

950 people have browsed it

php method to prevent remote form submission outside the site, php form submission

The example in this article describes how PHP prevents remote submission of forms outside the site, and is shared with everyone for your reference. The specific implementation method is as follows:

Generally speaking, preventing webmasters from submitting forms is nothing more than adding a token for verification every time they open a form or submit data. This is actually no different from the verification code method. Let’s take a look at a few ways to prevent off-site remote access. Submit form example.

Example 1: Every time we open the submission page, we generate a token and save it in the session. When the form is submitted, we judge whether the current token value is consistent with the session. If so, it is a normal submission, otherwise it is an invalid submission.

The specific code is as follows:

Copy code The code is as follows:

session_start();

if ($_POST['submit'] == "go"){
//check token
If ($_POST['token'] == $_SESSION['token']){
//strip_tags $name = strip_tags($_POST['name']); $name = substr($name,0,40); //clean out any potential hexadecimal characters
$name = cleanHex($name); //continue processing.... }else{
//stop all processing! remote form posting attempt!
}
}

$token = md5(uniqid(rand(), true));
$_SESSION['token']= $token;

function cleanHex($input){
$clean = preg_replace("![][xX]([A-Fa-f0-9]{1,3})!", "",$input);
Return $clean;
}
?>

Another obvious way is to use verification code. This verification code method is the same as other methods. Let’s take a look at a simple example

Example 2: Add verification code

Adding a verification code when submitting the form can effectively prevent the water filling machine from submitting data. However, as graphics and image recognition programs become more powerful, verification code recognition continues to become more difficult. Some verification codes even include sound recognition. Some small sites can use this method.

Copy code

The code is as follows:

if($_POST['vcode'] != get_vcode()) { exit('Verification code verification failed and cannot be stored'); }

Readers who are interested in specific examples can find many relevant examples of verification on the Internet.

I hope this article will be helpful to everyone’s PHP programming design.

How does PHP code prevent external websites from submitting forms to this site

Try adding a verification code

How to prevent direct URL submission outside the site in php

Add a variable to the second page and pass it there, and then judge this variable to determine whether access is prohibited.
index.php
$i=$_GET['i'] ;
$servername=$HTTP_SERVER_VARS['SERVER_NAME'];
$sub_from=$HTTP_SERVER_VARS["HTTP_REFERER"];
$sub_len=strlen($servername);
$checkfrom=substr($ sub_from,10,$sub_len);
if($checkfrom!=$servername and !$i){
echo("<script>alert('Please do not submit data from outside!');window. location.href='login.php';</script>");
exit;
}
?>

p.php
<script>window .setTimeout("location='index.php?i=1'",20000)</script>

The problem is solved, but I don’t think it’s very good. Haha
It’s also an idea. Personally, I’m very disgusted with variables after the URL. It’s also possible to replace it with a hidden form POST. . But you can’t use js to automatically jump.