Home >Backend Development >PHP Problem >How to prevent malicious refresh date in PHP

How to prevent malicious refresh date in PHP

(*-*)浩
(*-*)浩Original
2019-10-12 11:57:022090browse

Generally speaking, malicious refreshing means constantly refreshing the submission page, resulting in a large amount of invalid data. Let's summarize the methods of preventing malicious page refreshing in PHP.

How to prevent malicious refresh date in PHP

The principle of preventing malicious page brushing is: (recommended learning: PHP video tutorial)

Requires a verification string to be passed between pages. A string is randomly generated when the page is generated and passed as a required parameter in all connections. At the same time, save this string in the session.

After clicking the link or entering the form, it is judged whether the verification code in the session is the same as the one submitted by the user. If it is the same, it will be processed. If it is not the same, it will be considered as repeated refresh.

After the processing is completed, a verification code will be regenerated for the generation of a new page.

The PHP implementation code is as follows:

<?php 
 
session_start(); 
 
$k=$_GET[&#39;k&#39;]; 
 
$t=$_GET[&#39;t&#39;]; 
 
$allowTime = 1800;//防刷新时间 
 
$ip = get_client_ip(); 
 
$allowT = md5($ip.$k.$t); 
 
if(!isset($_SESSION[$allowT])) 
 
{ 
 
$refresh = true; 
 
$_SESSION[$allowT] = time(); 
 
}elseif(time() - $_SESSION[$allowT]>$allowTime){ 
 
$refresh = true; 
 
$_SESSION[$allowT] = time(); 
 
}else{ 
 
$refresh = false; 
 
} 
 
?>

The above is the detailed content of How to prevent malicious refresh date in PHP. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn