This article mainly introduces the method of PHP to prevent remote submission of forms outside the site. The example demonstrates the method of filtering submission through session and verification code. It is very practical. Coders in need can refer to it.
This article describes the example of PHP preventing the form from being submitted outside the site. The method of submitting forms remotely is shared with you for your reference. The specific implementation method is as follows:
Generally speaking, preventing webmasters from submitting forms is nothing more than adding a token for verification every time the form is opened or data is submitted. This is actually no different from the verification code method. Let’s take a look at a few An example of preventing remote form submission outside the site.
Example 1: Every time we open the submission page, we generate a token and save it in the session. When the form is submitted, we judge whether the current token value is consistent with the session. If so, it is a normal submission, otherwise it is an invalid submission.
The specific code is as follows:
<?<span>php </span><span>session_start</span><span>(); </span><span>if</span> (<span>$_POST</span>['submit'] == "go"<span>){ </span><span>//</span><span>check token </span><span>if</span> (<span>$_POST</span>['token'] == <span>$_SESSION</span>['token'<span>]){ </span><span>//</span><span>strip_tags </span><span>$name</span> = <span>strip_tags</span>(<span>$_POST</span>['name'<span>]); </span><span>$name</span> = <span>substr</span>(<span>$name</span>,0,40<span>); </span><span>//</span><span>clean out any potential hexadecimal characters </span><span>$name</span> = cleanHex(<span>$name</span><span>); </span><span>//</span><span>continue processing.... </span> }<span>else</span><span>{ </span><span>//</span><span>stop all processing! remote form posting attempt! </span><span> } } </span><span>$token</span> = <span>md5</span>(<span>uniqid</span>(<span>rand</span>(), <span>true</span><span>)); </span><span>$_SESSION</span>['token']= <span>$token</span><span>; </span><span>function</span> cleanHex(<span>$input</span><span>){ </span><span>$clean</span> = <span>preg_replace</span>("![\][xX]([A-Fa-f0-9]{1,3})!", "",<span>$input</span><span>); </span><span>return</span><span>$clean</span><span>; } </span>?> <form action="<?php echo <span>$_SERVER</span>['PHP_SELF'];?>" method="post"> <p><label <span>for</span>="name">Name</label> <input type="text" name="name" size="20" maxlength="40"/></p> <input type="hidden" name="token" value="<?php echo <span>$token</span>;?>"/> <p><input type="submit" name="submit" value="go"/></p> </form>
Another obvious way is to use verification code. This verification code method is the same as other methods. Let’s take a look at a simple example
Example 2: Add verification code
Add verification code when submitting the form, which can effectively prevent the water filling machine from submitting data. However, as graphics and image recognition programs become more powerful, verification code recognition continues to become more difficult. Some verification codes even incorporate sound recognition. Some small sites can use this method.
<span>if</span>(<span>$_POST</span>['vcode'] !=<span> get_vcode()) { </span><span>exit</span>('验证码校验失败,无法入库'<span>); }</span>
Readers who are interested in specific examples can find many relevant examples of verification online.
Original address: http://www.manongjc.com/article/678.html
Related reading:
php prevents cross-domain form submission
js jsonp method to solve cross-domain requests
php determines if when submitting a form ($_POST[submit]) and if(isset($_POST[sub
php multiple submit submission form processing method
php ajax no refresh submission form
The above introduces the method of PHP to prevent remote submission of forms outside the site, including submission of forms and PHP content. I hope it will be helpful to friends who are interested in PHP tutorials.