php prevents forged data from URL submission method.
For the case where forged data is submitted from the URL, the first is the following code that checks the source of the previous page:
<?<span>/*</span><span>PHP防止站外提交数据的方法</span><span>*/</span>
<span>function</span><span> CheckURL(){
</span><span>$servername</span>=<span>$_SERVER</span>['SERVER_NAME'<span>];
</span><span>$sub_from</span>=<span>$_SERVER</span>["HTTP_REFERER"<span>];
</span><span>$sub_len</span>=<span>strlen</span>(<span>$servername</span><span>);
</span><span>$checkfrom</span>=<span>substr</span>(<span>$sub_from</span>,7,<span>$sub_len</span><span>);
</span><span>if</span>(<span>$checkfrom</span>!=<span>$servername</span>)<span>die</span>("警告!你正在从外部提交数据!请立即终止!"<span>);
}
</span>?>This method can only prevent URLs that are manually entered on the browser bar.
In fact, as long as you construct a hyperlink pointing to the URL (www.jbxue.com) on the server, for example, add the hyperlink when posting, and then click it, this Check will have no effect at all.
Currently, I think it is more reliable to use the POST method to transmit important data.
You can insert some hidden text in the form to pass data.
Or use the following method to submit data from the client to the server using Ajax.
<span>/*</span><span>创建XHR对象</span><span>*/</span>
<span>function</span><span> createXHR()
{
</span><span>if</span> (window.<span>XMLHttpRequest){
</span><span>var</span> oHttp = <span>new</span><span> XMLHttpRequest();
</span><span>return</span><span> oHttp;
} // www.jbxue.com
</span><span>else</span> <span>if</span> (window.<span>ActiveXObject){
</span><span>var</span> versions = ["MSXML2.XmlHttp.6.0","MSXML2.XmlHttp.3.0"<span>];
</span><span>for</span> (<span>var</span> i = 0; i < versions.length; i++<span>){
</span><span>try</span><span> {
</span><span>var</span> oHttp = <span>new</span><span> ActiveXObject(versions[i]);
</span><span>return</span><span> oHttp;
} </span><span>catch</span><span> (error) {}
}
}
</span><span>throw</span> <span>new</span> Error("你的浏览器不支持AJAX!"<span>);
}
</span><span>/*</span><span>用AJAX向page页面传递数据</span><span>*/</span>
<span>function</span> ajaxPost(url,query_string=''<span>)
{
</span><span>var</span><span> xhr;
xhr </span>=<span> createXHR();
xhr</span>.open('POST',url,<span>false</span><span>);
xhr</span>.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=gb2312"<span>);
xhr</span>.onreadystatechange = <span>function</span>(){<span>if</span> (xhr.readyState == 4)<span>if</span> (xhr.status != 200)<span>return</span><span>;}
xhr</span>.<span>send(query_string);
}</span>
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
