php防止远程提交表单的问题。
在网上找到一段防止远程提交表单的demo,它用的是md5(uniqid(rand()))生成令牌验证的方法,如下:
<!--
Code highlighting produced by Actipro CodeHighlighter (freeware)
http://www.CodeHighlighter.com/
-->
<?php
session_start();
if ($_POST['submit'] == “go"){
//check token
if ($_POST['token'] == $_SESSION['token']){
//strip_tags
$name = strip_tags($_POST['name']);
$name = substr($name,0,40);
//clean out any potential hexadecimal characters
$name = cleanHex($name);
//continue processing….
}else{
//stop all processing! remote form posting attempt!
}
}
$token = md5(uniqid(rand(), true));
$_SESSION['token']= $token;
function cleanHex($input){
$clean = preg_replace("![\][xX]([A-Fa-f0-9]{1,3})!", "",$input);
return $clean;
}
<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">
<p><label for="name">Name</label>
<input type="text" name="name" id="name" size="20″ maxlength="40″/></p>
<input type="hidden" name="token" value="<?php echo $token;?>"/>
<p><input type="submit" name="submit" value="go"/></p>
<div class="aritcle_card">
<a class="aritcle_card_img" href="/ai/2085">
<img src="https://img.php.cn/upload/ai_manual/000/000/000/175679986390996.png" alt="表单大师AI">
</a>
<div class="aritcle_card_info">
<a href="/ai/2085">表单大师AI</a>
<p>一款基于自然语言处理技术的智能在线表单创建工具,可以帮助用户快速、高效地生成各类专业表单。</p>
<div class="">
<img src="/static/images/card_xiazai.png" alt="表单大师AI">
<span>74</span>
</div>
</div>
<a href="/ai/2085" class="aritcle_card_btn">
<span>查看详情</span>
<img src="/static/images/cardxiayige-3.png" alt="表单大师AI">
</a>
</div>
</form>
?>
PHP怎么学习?PHP怎么入门?PHP在哪学?PHP怎么学才快?不用担心,这里为大家提供了PHP速学教程(入门到精通),有需要的小伙伴保存下载就能学习啦!
广告
收藏
收藏
Copyright 2014-2025 https://www.php.cn/ All Rights Reserved | php.cn | 湘ICP备2023035733号
458
