
PHP prevents remote illegal submission of form program code_PHP tutorial

WBOY
2016-07-13 17:11:14

Preventing remote form submission stops attackers from posting data to our website from a form hosted somewhere else. Below is an example of preventing illegitimate remote form submission in PHP.

Detailed method

1. PHP method to prevent data submission outside the site

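<?php
// Host name this site is served under
$servername = $_SERVER['SERVER_NAME'];
// Referer header sent by the client (may be absent)
$sub_from = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$sub_len = strlen($servername);
// Skip the 7 characters of "http://" and take the host part
$checkfrom = substr($sub_from, 7, $sub_len);
if ($checkfrom != $servername) {
    echo("警告!你正在从外部提交数据!!请立即终止!!");
    exit;
}
?>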

Put the above code into any page that must not accept data submitted from outside the site. If the URL is entered directly, or the page is reached through a link from an external site, it displays: "Warning! You are submitting data from outside!! Please terminate immediately!!" If the page is reached through a link on this site or submitted through one of its forms, no such prompt appears. The main purpose is to stop fake forms from submitting data to the site.

The above check can be bypassed directly with curl, because the Referer header is supplied by the client. We can refer to the method used by the dz forum login.


A better way to handle remote form submission is to generate a token based on a unique string or timestamp and place this token both in a session variable and in the form. After the form is submitted, check whether the two tokens match. If they don't match, you know someone is trying to send data from a remote copy of the form.

To create a random token, you can use PHP's built-in md5(), uniqid() and rand() functions, as shown below:

<?php
session_start();

if (isset($_POST['submit']) && $_POST['submit'] == "go") {
    // check token: both copies must be present and identical
    if (isset($_POST['token'], $_SESSION['token'])
        && is_string($_POST['token'])
        && hash_equals($_SESSION['token'], $_POST['token'])) {
        // strip_tags
        $name = strip_tags($_POST['name']);
        $name = substr($name, 0, 40);
        // clean out any potential hexadecimal characters
        $name = cleanHex($name);
        // continue processing....
    } else {
        // stop all processing! remote form posting attempt!
    }
}

// issue a fresh token for the form rendered after this block
$token = md5(uniqid(rand(), true));
$_SESSION['token'] = $token;

// remove literal hex escapes such as \x41 (backslash, x, 1-3 hex digits)
function cleanHex($input) {
    $clean = preg_replace('!\\\\[xX][A-Fa-f0-9]{1,3}!', "", $input);
    return $clean;
}
?>
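A hardened version of the session-token check, as an added example that is not part of the original article: it draws the token from random_bytes() because md5(), uniqid() and rand() are not cryptographically secure, compares with hash_equals(), and makes each token single-use with a limited lifetime. The function names, the form_token session key and the 15-minute lifetime are assumptions, and it requires PHP 7 or later.

```php
<?php
// Added example, not code from the original article.
// Assumed names: issue_form_token(), verify_form_token(), TOKEN_MAX_AGE.
session_start();

const TOKEN_MAX_AGE = 900; // assumed lifetime: 15 minutes

// Create a token from the CSPRNG and store it, with its issue time, in the session.
function issue_form_token(): string
{
    $token = bin2hex(random_bytes(32));
    $_SESSION['form_token'] = ['value' => $token, 'issued' => time()];
    return $token;
}

// True only for the token issued to this session, once, and before it expires.
function verify_form_token($submitted): bool
{
    $stored = $_SESSION['form_token'] ?? null;
    unset($_SESSION['form_token']);   // single use: a replayed POST fails
    if (!is_array($stored) || !is_string($submitted)) {
        return false;                 // nothing issued, or token missing / not a string
    }
    if (time() - $stored['issued'] > TOKEN_MAX_AGE) {
        return false;                 // the form was rendered too long ago
    }
    return hash_equals($stored['value'], $submitted); // constant-time, no type juggling
}

$message = '';
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (verify_form_token($_POST['token'] ?? null)) {
        $raw  = $_POST['name'] ?? '';
        $name = is_string($raw) ? substr(strip_tags($raw), 0, 40) : '';
        $message = 'Hello, ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    } else {
        http_response_code(403);
        $message = 'Invalid or expired form token.';
    }
}
$token = issue_form_token(); // fresh token for the form rendered below
?>
<p><?= $message ?></p>
<form method="post">
  <input type="text" name="name" maxlength="40">
  <input type="hidden" name="token" value="<?= htmlspecialchars($token, ENT_QUOTES, 'UTF-8') ?>">
  <input type="submit" name="submit" value="go">
</form>
```

Unlike the Referer check, this cannot be satisfied by setting a request header: the submitter must hold the session cookie and the token that was rendered into that session's form.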
       
       
   

   

   
   

   
  

While we are at it, here is the ASP version I wrote earlier.

How ASP prevents external submission of data

<%
Server_v1=Cstr(Request.ServerVariables("HTTP_REFERER"))
Server_v2=Cstr(Request.ServerVariables("SERVER_NAME"))
If mid(server_v1,8,len(server_v2))<>server_v2   then
     Response.write "警告!你正在从外部提交数据!!请立即终止!!"
     Response.End
End if
%>
