Php vulnerability-cross-site request forgery and methods to prevent forgery-php skills

Today, I will introduce you to the implementation methods of cross-site request forgery in php and some common methods to prevent forgery, if you have any questions, refer to the introduction of counterfeit cross-site requests.
It is difficult to prevent the forgery of cross-site requests, and the danger is huge. attackers can use this method to prank, send spam information, and delete data. Common forms of such attacks include:
Counterfeit links to entice users to click, or allow users to access without knowledge
Counterfeit forms to lure users into submitting. Forms can be hidden and disguised as images or links.
A common and inexpensive precaution is to add a random and frequently changed string to all forms that may involve user write operations, then, check the string when processing the form. If this random string is associated with the current user identity, it will be troublesome for attackers to forge requests.
If the attacker sends a link to the target user in a hidden manner
If the target user accidentally accesses the instance, the number of purchased instances becomes 1000.
Instance
Suiyuan Network PHP message board V1.0

The code is as follows:

Delete any message
// Delbook. php this page is used to delete messages
Include_once ("dlyz. php"); // The user of dlyz. php verifies the permission. The message can be deleted only when the permission is admin.
Include_once ("../conn. php ");
$ Del = $ _ GET ["del"];
$ Id = $ _ GET ["id"];
If ($ del = "data ")
{
$ ID_Dele = implode (",", $ _ POST ['adid']);
$ SQL = "delete from book where id in (". $ ID_Dele .")";
Mysql_query ($ SQL );
}
Else
{
$ SQL = "delete from book where id =". $ id; // The ID of the message to be deleted
Mysql_query ($ SQL );
}
Mysql_close ($ conn );
Echo"