Home > Backend Development > PHP Tutorial > PHP method to prevent remote submission of forms outside the site. Repeated submission of PHP forms. How to submit forms in PHP. Form submission in PHP.

PHP method to prevent remote submission of forms outside the site. Repeated submission of PHP forms. How to submit forms in PHP. Form submission in PHP.

WBOY
Release: 2016-07-29 08:53:40
Original
1353 people have browsed it

This article mainly introduces the method of PHP to prevent remote submission of forms outside the site. The example demonstrates the method of filtering submission through session and verification code. It is very practical. Coders in need can refer to it.

This article describes the example of PHP preventing the form from being submitted outside the site. The method of submitting forms remotely is shared with you for your reference. The specific implementation method is as follows:

Generally speaking, preventing webmasters from submitting forms is nothing more than adding a token for verification every time the form is opened or data is submitted. This is actually no different from the verification code method. Let’s take a look at a few An example of preventing remote form submission outside the site.

Example 1: Every time we open the submission page, we generate a token and save it in the session. When the form is submitted, we judge whether the current token value is consistent with the session. If so, it is a normal submission, otherwise it is an invalid submission.

The specific code is as follows:

<?<span>php     
</span><span>session_start</span><span>();     
     
</span><span>if</span> (<span>$_POST</span>['submit'] == "go"<span>){     
    </span><span>//</span><span>check token     </span><span>if</span> (<span>$_POST</span>['token'] == <span>$_SESSION</span>['token'<span>]){     
        </span><span>//</span><span>strip_tags     </span><span>$name</span> = <span>strip_tags</span>(<span>$_POST</span>['name'<span>]);     
        </span><span>$name</span> = <span>substr</span>(<span>$name</span>,0,40<span>);     
        </span><span>//</span><span>clean out any potential hexadecimal characters     </span><span>$name</span> = cleanHex(<span>$name</span><span>);     
        </span><span>//</span><span>continue processing....     </span>    }<span>else</span><span>{     
        </span><span>//</span><span>stop all processing! remote form posting attempt!     </span><span>    }     
}     
     
</span><span>$token</span> = <span>md5</span>(<span>uniqid</span>(<span>rand</span>(), <span>true</span><span>));     
</span><span>$_SESSION</span>['token']= <span>$token</span><span>;     
     
 </span><span>function</span> cleanHex(<span>$input</span><span>){     
    </span><span>$clean</span> = <span>preg_replace</span>("![\][xX]([A-Fa-f0-9]{1,3})!", "",<span>$input</span><span>);     
    </span><span>return</span><span>$clean</span><span>;     
}     
</span>?>     
<form action="<?php echo <span>$_SERVER</span>['PHP_SELF'];?>" method="post">     
<p><label <span>for</span>="name">Name</label>     
<input type="text" name="name" size="20" maxlength="40"/></p>     
<input type="hidden" name="token" value="<?php echo <span>$token</span>;?>"/>     
<p><input type="submit" name="submit" value="go"/></p>     
</form>
Copy after login

Another obvious way is to use verification code. This verification code method is the same as other methods. Let’s take a look at a simple example

Example 2: Add verification code

Add verification code when submitting the form, which can effectively prevent the water filling machine from submitting data. However, as graphics and image recognition programs become more powerful, verification code recognition continues to become more difficult. Some verification codes even incorporate sound recognition. Some small sites can use this method.

<span>if</span>(<span>$_POST</span>['vcode'] !=<span> get_vcode())
{
    </span><span>exit</span>('验证码校验失败,无法入库'<span>);
}</span>
Copy after login

Readers who are interested in specific examples can find many relevant examples of verification online.

Original address: http://www.manongjc.com/article/678.html

Related reading:

php prevents cross-domain form submission

js jsonp method to solve cross-domain requests

php determines if when submitting a form ($_POST[submit]) and if(isset($_POST[sub

php multiple submit submission form processing method

php ajax no refresh submission form

The above introduces the method of PHP to prevent remote submission of forms outside the site, including submission of forms and PHP content. I hope it will be helpful to friends who are interested in PHP tutorials.

Related labels:
php
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template