PHP prevents refresh and repeated submission of example code-PHP Tutorial-php.cn

PHP prevents refresh and repeated submission of example code

WBOY

Release： 2016-07-25 09:12:19

Original

1168 people have browsed it

Prevent direct access to the PHP page, only quote it! In this way, you cannot directly access the B page. You can also add COOKIE to A and delete the COOKIE after B determines the COOKIE. Prevent module refresh So I considered adding a parameter to prevent this kind of situation from happening. COOKIE and SESSION are available, but COOKIE is client-side. If someone disables COOKIE, they can still maliciously refresh the number of clicks. It is better to use SESSION. The MD5 value of IP+URL parameters is used as the SESSION name. I think it is difficult for everyone to forge it. Implementation principle: Set max_reloadtime =100; //Set the maximum page refresh interval The first time the user opens the page, the current time is recorded and saved in session_start The second time the user opens the page (to determine whether session_start exists) subtracts the current time from session_start to get the difference time_passed When time_passed

Example:

session_start();
$k = $_GET['k'];
$t = $_GET['t'];
//Anti-refresh time
$allowTime = 1800 ;
$ip = get_client_ip();
$allowT = md5($ip . $k . $t);
if (!isset($_SESSION[$allowT])) {
$refresh = true;
$_SESSION[ $allowT] = time();
} elseif (time() - $_SESSION[$allowT] > $allowTime) {
$refresh = true;
$_SESSION[$allowT] = time();
} else {
$refresh = false;
}
?>

Copy code

Example 2, PHP prevents duplicate submission. First, you can define a session variable to save the submission sequence number of a form. This is defined as "$userLastAction".

Then, add a hidden variable to the form and set the value to $userLastAction+1: > Finally, determine whether the form has been submitted before processing the submission:

if($lastAction>$userLastAction and inputIsValid(…)){
$userLastAction++; // Add 1 to the sequence number
// Process form data
}

Copy code

Submit page:

$_SESSION['code']=mt_rand(1,1000);//Generate a random number between 1 and 1000
?>

Copy code

Submitted page:

if($_SESSION['code']!=$_REQUEST['scode']){
echo "Please do not resubmit";
exit;
}
$_SESSION[' code']=0
/* Improved version
PHP prevents users from refreshing the page (Refresh or Reload) and submitting form content repeatedly.
Since the content of the form variable is referenced by $_POST['name'], maybe after processing the form, $_POST['name'] can be destroyed directly (unset()). actually not. It may be that the page caches the form content by default, so even if $_POST['name'] is destroyed, $_POST['name'] will still be assigned a value after refreshing, and it is still valid.
Can be solved using Session. First assign a value to the Session, such as 400. After the first submission is successful, change the value of the Session. When submitting the second time, check the value of the Session. If it is not 400, the data in the form will no longer be processed.
Can the validity time of Session be set?
*/
if (isset($_POST['action']) && $_POST['action'] == 'submitted') {
session_start();
isset($_SESSION['num']) or die ( "no session");
if ($_SESSION['num']==400){

print '

'; </li>
<li> print_r($_POST); </li>
<li> print '<a href="'. $_SERVER ['PHP_SELF'] .'">Please try again</a>'; </li>
<li> print '

$_SESSION['num']=500;
} else {
print ' <li> print_r($_POST); </li> <li> echo "However you have submitted"; </li> <li> print '';
}
} else {
session_start() or die("session is not started");
$_SESSION['num']= 400;
?>
Name: < ;input type="text" name="personal[name]">
Email:
Beer: < ;br>
< input type="submit" name="submit" value="submit me!">
}
?>