简体中文(ZH-CN) English(EN) 繁体中文(ZH-TW) 日本語(JA) 한국어(KO) Melayu(MS) Français(FR) Deutsch(DE)
Home > php教程 > php手册 > body text

php防止伪造数据从URL提交解决方法

WBOY
Release: 2016-06-13 09:32:57
Original
1355 people have browsed it

php防止伪造的数据从URL提交方法。

针对伪造的数据从URL提交的情况,首先是一个检查前一页来源的如下代码:

<?<span>/*</span><span>PHP防止站外提交数据的方法</span><span>*/</span>
<span>function</span><span> CheckURL(){
</span><span>$servername</span>=<span>$_SERVER</span>['SERVER_NAME'<span>]; 
</span><span>$sub_from</span>=<span>$_SERVER</span>["HTTP_REFERER"<span>]; 
</span><span>$sub_len</span>=<span>strlen</span>(<span>$servername</span><span>); 
</span><span>$checkfrom</span>=<span>substr</span>(<span>$sub_from</span>,7,<span>$sub_len</span><span>); 
</span><span>if</span>(<span>$checkfrom</span>!=<span>$servername</span>)<span>die</span>("警告!你正在从外部提交数据!请立即终止!"<span>); 
}
</span>?>
Copy after login

这个方法只能防止手动在浏览栏上输入的URL。

事实上只要在服务器上构造出一个指向该URL的超链接(www.jbxue.com)比如在发贴时加入超链,再点击,这个Check就完全不起作用了。
目前觉得还是用POST的方法传递重要数据比较可靠。
可以在form中插入一些隐藏的text用于传递数据。
或者使用下面的方法,利用Ajax从客户端向服务器提交数据。

<span>/*</span><span>创建XHR对象</span><span>*/</span>
<span>function</span><span> createXHR()
{
</span><span>if</span> (window.<span>XMLHttpRequest){
</span><span>var</span> oHttp = <span>new</span><span> XMLHttpRequest();
</span><span>return</span><span> oHttp;
} // www.jbxue.com
</span><span>else</span> <span>if</span> (window.<span>ActiveXObject){
</span><span>var</span> versions = ["MSXML2.XmlHttp.6.0","MSXML2.XmlHttp.3.0"<span>];
</span><span>for</span> (<span>var</span> i = 0; i < versions.length; i++<span>){
</span><span>try</span><span> {
</span><span>var</span> oHttp = <span>new</span><span> ActiveXObject(versions[i]);
</span><span>return</span><span> oHttp;
} </span><span>catch</span><span> (error) {}
}
}
</span><span>throw</span> <span>new</span> Error("你的浏览器不支持AJAX!"<span>);
}
</span><span>/*</span><span>用AJAX向page页面传递数据</span><span>*/</span>
<span>function</span> ajaxPost(url,query_string=''<span>)
{
</span><span>var</span><span> xhr;
xhr </span>=<span> createXHR();
xhr</span>.open('POST',url,<span>false</span><span>);
xhr</span>.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=gb2312"<span>);
xhr</span>.onreadystatechange = <span>function</span>(){<span>if</span> (xhr.readyState == 4)<span>if</span> (xhr.status != 200)<span>return</span><span>;}
xhr</span>.<span>send(query_string);
}</span>
Copy after login
Related labels:
PHP实例教程
source:php.cn
Previous article:PHP查询登录中的sql注入 Next article:2014 年10个最佳的PHP图像操作库--留着有用
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
What are the best practices for displaying version information in web applications? I'm developing a web application. What are the best practices for displaying version infor...
From 2024-04-06 19:13:16
0
2
476
Generate default values ​​and CSS variables using SCSS I'm implementing website styling. For legacy support reasons, I need to support IE11, at l...
From 2024-04-06 17:46:54
0
1
355
Regular expression filter for MERN stack search boxes and checkboxes I'm trying to understand how the MERN stack works together by learning by doing, and I'm f...
From 2024-04-06 14:53:12
0
1
425
PHP: Regular expression to match and replace multiple instances of multiple duplicate matches I'm looking to write a shortcode system for a gaming community/database where users can ad...
From 2024-04-04 15:41:01
0
1
439
A simple Hello world program creates multiple node instances I'm very new to Javascript and NodeJS. I am running a simple helloworld program as follows...
From 2024-04-04 11:03:22
0
1
310
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!