Generally speaking, malicious refreshing means constantly refreshing the submission page, resulting in a large amount of invalid data. Let's summarize the methods of preventing malicious page refreshing in PHP.
The principle of preventing malicious page brushing is: (recommended learning: PHP video tutorial)
Requires a verification string to be passed between pages. A string is randomly generated when the page is generated and passed as a required parameter in all connections. At the same time, save this string in the session.
After clicking the link or entering the form, it is judged whether the verification code in the session is the same as the one submitted by the user. If it is the same, it will be processed. If it is not the same, it will be considered as repeated refresh.
After the processing is completed, a verification code will be regenerated for the generation of a new page.
The PHP implementation code is as follows:
<?php session_start(); $k=$_GET['k']; $t=$_GET['t']; $allowTime = 1800;//防刷新时间 $ip = get_client_ip(); $allowT = md5($ip.$k.$t); if(!isset($_SESSION[$allowT])) { $refresh = true; $_SESSION[$allowT] = time(); }elseif(time() - $_SESSION[$allowT]>$allowTime){ $refresh = true; $_SESSION[$allowT] = time(); }else{ $refresh = false; } ?>
The above is the detailed content of How to prevent malicious refresh date in PHP. For more information, please follow other related articles on the PHP Chinese website!