Php prevents forms from being submitted remotely. Find a demo on the Internet to prevent remote form submission. it uses md5 (uniqid (rand () to generate the token verification method, as follows: PHPcode & lt ;? Phpsession_start (); if ($ _ POST [submit] "go & quot;) {checktokenif ($ _ POST [php prevents remote form submission.
Find a demo on the Internet to prevent remote form submission. it uses md5 (uniqid (rand () to generate token verification, as follows:
PHP code
My problem is:
If the cookie that saves the sessionID can be found, you can submit the form remotely, modify the header of the request through some operations, and put the obtained cookie in.
If this method is feasible, isn't this code enough to prevent form submission remotely?
------ Solution --------------------
Not necessarily! Session is defined to generate a session file on the server side, put it on the server side, and generate a session_id, which is sent to the client through cookies. when you access the session, the session_id of the client is used; however, it is unclear whether the session_id can directly access the session file on the server. if there is a method, you can directly access the session information through session_id, this prevents remote form submission from being ineffective. otherwise, OK!
------ Solution --------------------
SessionID is dynamic, and it does not exist!
However, your code can only submit static forms. Does not prevent robot submissions
As long as you first enter your page (of course, you need to know if your form has changed), then your valuable token will be in my hands, then .....
------ Solution --------------------
Users can access it, just like computers.
First, access the form page to obtain the TOKEN, and then submit the form to submit the TOKEN together.