How does PHP determine whether a PHP page was submitted from <form> or entered directly from the address bar?-PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

How does PHP determine whether a PHP page was submitted from

How does PHP determine whether a PHP page was submitted from or entered directly from the address bar?

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jul 06, 2016 pm 01:53 PM

php

<code><form name="aaa" action="http://localhost/yb1/Home/curd/create" method="post">
    <input type="text" name="学号" value="1446298514" id="xh">
    <input type="submit" name="tj" value="提交">
</form></code>

Take this example, how to determine whether http://localhost/yb1/Home/curd/create is submitted or entered in the address bar?

It actually means this:
After I submit once, I will go to http://localhost/yb1/Home/curd/create,
http://localhost/yb1/Home/curd/create The action is executed once,

If you press F5 directly to refresh, something will definitely go wrong. I just want to know when I press F5 whether it comes from post or whether I refreshed it directly from this page..

Reply content:

<code><form name="aaa" action="http://localhost/yb1/Home/curd/create" method="post">
    <input type="text" name="学号" value="1446298514" id="xh">
    <input type="submit" name="tj" value="提交">
</form></code>

Take this example, how to determine whether http://localhost/yb1/Home/curd/create is submitted or entered in the address bar?

It actually means this:
After I submit once, I will go to http://localhost/yb1/Home/curd/create,
http://localhost/yb1/Home/curd/create The action is executed once,

If you press F5 directly to refresh, something will definitely go wrong. I just want to know when I press F5 whether it comes from post or whether I refreshed it directly from this page..

Judge by referer; source address

I think you may need to prevent repeated form submissions. You can add a token to achieve this.

Use $_SERVER['REQUEST_METHOD'] to judge on the create page. A value of get indicates that the page was refreshed, and post indicates that the form was submitted

After the POST processing is completed, the backend can initiate a redirect to a new URL, so that the user does not have the opportunity to refresh the submission.

-- Improve it

A rough pseudocode might be:

<code>if ($_SERVER['REQUEST_METHOD'] != 'POST') {
    // 处理非 POST 的逻辑，如报错页面或渲染表单页面等等
    return;
}

// 处理用户提交的 POST 请求
// 如创建用户、添加文章等等

// 处理完毕，重定向请求，可以是由 POST 请求新创建的页面，如用户中心、文章详情等
// 甚至可以是 POST 请求发起的来源页面，此时可以考虑处理下用户输入回填，或者给个成功或失败的提示信息
header('Location: /path/to/location');</code>

When you click on the form to submit, a mark is recorded. You can judge by deleting the mark when the submission is completed. You can also judge the types of post and get. Address bar submission belongs to get

You can read the address bar data for monitoring, but this method does not solve the problem. You can still forge the post or get method through other means.
It may be possible to add a hidden domain

You should use tp, tp is fine

<code>if(IS_POST){
    echo 1;
}
else {
    echo 0;
}</code>

If your form submission method is POST, then when you press F5 again to refresh, it will also be a POST request method.
It is recommended that the subject understand this 幂等请求.

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn