Php code summary for preventing malicious page refreshing
Source: Internet
Author: User
Malicious refresh means to constantly refresh the submitted page, resulting in a large amount of invalid data. The following is a summary of php's methods to prevent malicious page refreshing:
A verification string must be passed between pages,
A random string is generated when a page is generated,
As a required parameter, it is passed in all connections. At the same time, this string is saved in the session.
Click the link or form to enter the page and check whether the verification code in the session is the same as the one submitted by the user. if the verification code is the same, the verification code is refresh again.
After the processing is complete, a verification code will be generated again to generate a new page.
Code
The code is as follows:
Session_start ();
$ K = $ _ GET ['K'];
$ T = $ _ GET ['t'];
$ AllowTime = 1800; // Anti-refresh time
$ Ip = get_client_ip ();
$ AllowT = md5 ($ ip. $ k. $ t );
If (! Isset ($ _ SESSION [$ allowT])
{
$ Refresh = true;
$ _ SESSION [$ allowT] = time ();
} Elseif (time ()-$ _ SESSION [$ allowT]> $ allowTime ){
$ Refresh = true;
$ _ SESSION [$ allowT] = time ();
} Else {
$ Refresh = false;
}
?>
I have also encountered this issue twice when I used an image to replace the submit, and the image has a submit (). This will be submitted twice, I have never submitted the submit button twice.
Now let's sort it out:
The method is similar to the previous ones.
The received page (2. php) is divided into two parts: processing submitted variables and displaying pages.
After processing the variable, use header ("location:". $ _ SERVER ['php _ SELF ']) to jump to its own page.
This part is to be judged. if there is no post variable, it will be skipped. Of course, you can also jump to another page.
When you jump to another page, there will be a problem. we recommend that you create a php file.
If the variables passed through the previous page do not meet the requirements, they can be forcibly returned.
The code is as follows:
Script
History. go (-1 );
Script
After talking about the general idea, the experts may not encounter such problems, but not everyone is a master.
2. php process
The code is as follows:
If (isset ($ _ POST ))
{Receiving variable
If (the variable does not meet the requirements)
Script history. go (-1); script
Else
Operation Data
...
If (operation completed)
Header ("location:". $ _ SERVER ['php _ SELF ']);
}
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
