Example of PHP preventing remote form submission outside the site

This topic was moved by Xiaobei on 2016-4-18 12:28

When developing PHP (http://www.maiziedu.com/course/php/), in order to prevent webmasters from submitting forms, they need to add a token for verification every time they open the form or submit data. This is actually It’s no different from the verification code method. Let’s look at a few examples of preventing remote submission of forms outside the site.
Example 1: Every time we open the submission page, we generate a token and save it in the session. When the form is submitted, we judge whether the current token value is consistent with the session. If so, it is a normal submission, otherwise it is an invalid submission.
The specific code is as follows:
If ($_POST['submit'] == "go"){
//check token
If ($_POST['token'] == $_SESSION['token']){
​​​​//strip_tags​​​
                $name = strip_tags($_POST['name']);          
            $name = substr($name,0,40);      
​​​​//clean out any potential hexadecimal characters​​​​
              $name = cleanHex($name);        
              //continue processing....                                      }else{
              //stop all processing! remote form posting attempt! }
$token = md5(uniqid(rand(), true)); $_SESSION['token']= $token;
​
function cleanHex($input){
$clean = preg_replace("![][xX]([A-Fa-f0-9]{1,3})!", "",$input);
Return $clean;
} ?>

Name

 ​​

 ​​

Another obvious way is to use verification code. This verification code method is the same as other methods. Let’s take a look at a simple example
Example 2: Add verification code
Adding a verification code when submitting the form can effectively prevent the water filling machine from submitting data. However, as graphics and image recognition programs become more powerful, verification code recognition continues to become more difficult. Some verification codes even include sound recognition. Some small sites can use this method.
if($_POST['vcode'] != get_vcode())
{
exit('Verification code verification failed and cannot be stored in the database');
}
Readers who are interested in specific examples can find many relevant examples of verification on the Internet.