Home  >  Article  >  Backend Development  >  PHP prevents forged data from being submitted from URL_PHP Tutorial

PHP prevents forged data from being submitted from URL_PHP Tutorial

WBOY
WBOYOriginal
2016-07-13 10:26:13904browse

For the case where forged data is submitted from the URL, the first is the following code that checks the source of the previous page:

<&#63;/*PHP防止站外提交数据的方法*/
function CheckURL(){
  $servername=$_SERVER['SERVER_NAME']; 
  $sub_from=$_SERVER["HTTP_REFERER"]; 
  $sub_len=strlen($servername); 
  $checkfrom=substr($sub_from,7,$sub_len); 
  if($checkfrom!=$servername)die("警告!你正在从外部提交数据!请立即终止!"); 
}
&#63;>

This method only prevents URLs that are manually entered on the browser bar.
In fact, as long as you construct a link pointing to the URL on the server (such as adding a hyperlink when posting) and click it, this Check will have no effect at all.

Currently, I think it is more reliable to use the POST method to transmit important data.
You can insert some hidden text in the form to pass data.
Or use the following method to submit data from the client to the server using Ajax.

/*创建XHR对象*/
function createXHR()
{
  if (window.XMLHttpRequest){
    var oHttp = new XMLHttpRequest();
    return oHttp;
  } 
  else if (window.ActiveXObject){
    var versions = ["MSXML2.XmlHttp.6.0","MSXML2.XmlHttp.3.0"];
    for (var i = 0; i < versions.length; i++){
      try {
        var oHttp = new ActiveXObject(versions[i]);
        return oHttp;
      } catch (error) {}
    }
  }
  throw new Error("你的浏览器不支持AJAX!");
}
/*用AJAX向page页面传递数据*/
function ajaxPost(url,query_string='')
{
  var xhr;
  xhr = createXHR();
  xhr.open('POST',url,false);
  xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=gb2312");
  xhr.onreadystatechange = function(){if (xhr.readyState == 4)if (xhr.status != 200)return;}
  xhr.send(query_string);
}

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/824754.htmlTechArticleFor the situation where forged data is submitted from the URL, the first is the following code to check the source of the previous page: /* PHP method to prevent data submission outside the site*/function CheckURL(){ $servername=$_SERVE...
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn