PHP method to prevent forged data from being submitted from the address bar URL, forged URL_PHP tutorial

php method to prevent forged data from being submitted from the address bar URL, forged url

For the case where forged data is submitted from the URL, the first is the following code that checks the source of the previous page:

<&#63;/*PHP防止站外提交数据的方法*/
function CheckURL(){
$servername=$_SERVER['SERVER_NAME']; 
$sub_from=$_SERVER["HTTP_REFERER"]; 
$sub_len=strlen($servername); 
$checkfrom=substr($sub_from,7,$sub_len); 
if($checkfrom!=$servername)die("警告！你正在从外部提交数据！请立即终止！"); 
}
&#63;>

This method only prevents URLs that are manually entered on the browser address bar.

In fact, as long as you construct a hyperlink pointing to the URL (www.jb51.net) on the server, for example, add the hyperlink when posting, and then click it, this Check will have no effect at all.
At present, I feel that it is more reliable to use the POST method to transmit important data.
You can insert some hidden text in the form to pass data.
Or use the following method to submit data from the client to the server using Ajax.

/*创建XHR对象*/
function createXHR()
{
if (window.XMLHttpRequest){
var oHttp = new XMLHttpRequest();
return oHttp;
} 
else if (window.ActiveXObject){
var versions = ["MSXML2.XmlHttp.6.0","MSXML2.XmlHttp.3.0"];
for (var i = 0; i < versions.length; i++){
try {
var oHttp = new ActiveXObject(versions[i]);
return oHttp;
} catch (error) {}
}
}
throw new Error("你的浏览器不支持AJAX！");
}
/*用AJAX向page页面传递数据*/
function ajaxPost(url,query_string='')
{
var xhr;
xhr = createXHR();
xhr.open('POST',url,false);
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=gb2312");
xhr.onreadystatechange = function(){if (xhr.readyState == 4)if (xhr.status != 200)return;}
xhr.send(query_string);
}

How does PHP code prevent external websites from submitting forms to this site

Try adding a verification code

How to prevent direct URL submission outside the site in php

Add a variable to the second page and pass it there, and then judge this variable to determine whether access is prohibited.
index.php

$i=$_GET['i'] ;
$servername=$HTTP_SERVER_VARS['SERVER_NAME'];
$sub_from=$HTTP_SERVER_VARS["HTTP_REFERER"];
$sub_len=strlen($servername);
$checkfrom=substr($ sub_from,10,$sub_len);
if($checkfrom!=$servername and !$i){
echo("<script>alert('Please do not submit data from outside!');window. location.href='login.php';</script>");
exit;
}
?>

p.php
<script>window .setTimeout("location='index.php?i=1'",20000)</script>

The problem is solved, but I don’t think it’s very good. Haha
It’s also an idea. Personally, I’m very disgusted with variables after the URL. It’s also possible to replace it with a hidden form POST. . But you can’t use js to automatically jump.

http://www.bkjia.com/PHPjc/868484.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/868484.htmlTechArticlephp method to prevent forged data from being submitted from the address bar URL, forged url For the situation where forged data is submitted from the URL, The first is the following code that checks the source of the previous page: /*PHP prevents off-site mentions...