This article mainly introduces the use and verification method of php token. It implements the token verification function by processing the hidden submission field of the form form to prevent the access of illegal source data
1. Simple token function Description
PHP uses token verification to effectively prevent illegal source data from being submitted for access and increase the security of data operations
2. Implementation method:
Foreground form:
<form action="do.php" method="POST"> <?php $module=mt_rand(100000,999999);?> <input type="text" name="sec_name" value=""/> <input type="hidden" name="module" value="<?php echo $module;?>"/> <input type="hidden" name="timestamp" value="<?php echo time();?>"/> <input type="hidden" name="token" value="<?php echo md5($module.'#$@%!^*'.time());?>"/> </form>
Token verification part of backend do.php:
<?php $module = $_POST['module']; $timestamp = $_POST['timestamp']; $token = md5($module.'#$@%!^*'.$timestamp); if($token != $_POST['token']){ echo('非法数据来源'); exit(); } $sec_name=$_POST['sec_name']; //PHP数据处理..... ?>
For more PHP related knowledge, please visit PHP tutorial!
The above is the detailed content of Example showing php form security verification. For more information, please follow other related articles on the PHP Chinese website!