Prevent direct access to a PHP page, so that it can only be reached by reference from another page. In this way, page B cannot be accessed directly. You can also add a cookie on "A" and "B" for the check and delete the cookie once it has been checked. You should therefore consider adding a parameter to prevent such a situation.

Both cookies and sessions are available. However, cookies come from the client: if cookies are disabled, clicks can still be inflated by malicious refreshing. We recommend that you use the MD5 value of the IP + URL parameter as the session name.

Implementation principle: set max_reloadtime = 100; // the maximum page refresh interval. When the user opens the page for the first time, record the current time in session_start. When the user opens the page for the second time (determined by whether session_start exists), the difference between the current time and session_start is time_passed. If time_passed < max_reloadtime, the user is refreshing too frequently within the specified time: show a warning and exit directly. Example:
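```php
<?php
session_start();
$k = $_GET['k'] ?? '';
$t = $_GET['t'] ?? '';
// Anti-refresh time, in seconds
$allowTime = 1800;
// get_client_ip() is an application helper that is not defined on this page
$ip = get_client_ip();
// Session key: MD5 of the IP + URL parameters
$allowT = md5($ip . $k . $t);
if (!isset($_SESSION[$allowT])) {
    // First visit: count it and record the time
    $refresh = true;
    $_SESSION[$allowT] = time();
} elseif (time() - $_SESSION[$allowT] > $allowTime) {
    // The interval has passed: count the visit again
    $refresh = true;
    $_SESSION[$allowT] = time();
} else {
    // Refreshed within the interval: do not count it
    $refresh = false;
}
?>
```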
Example 2: PHP anti-repeated submission. First, define a session variable that stores the submission serial number of a form; here it is named $userLastAction. Then add a hidden variable to the form and set its value to $userLastAction + 1. Finally, determine whether the form has already been submitted before processing the submission:
```php
if ($lastAction > $userLastAction and inputIsValid(...)) {
    $userLastAction++; // add 1 to the serial number
    // Process form data
}
```
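Submit page:

```php
<?php
session_start();
$_SESSION['code'] = mt_rand(1, 1000); // Generate a random number between 1 and 1000
?>
<!-- form with a hidden field named scode that carries $_SESSION['code'] -->
```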
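Submitted page:

```php
<?php
session_start();
// Strict comparison: with a loose != the reset value 0 would equal a missing scode (null)
$scode = $_REQUEST['scode'] ?? '';
if (empty($_SESSION['code']) || !is_string($scode) || (string) $_SESSION['code'] !== $scode) {
    echo "Please do not submit again";
    exit;
}
$_SESSION['code'] = 0; // invalidate the code after one successful submission
```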
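The submit page / submitted page check above, written as a single-use token (an added example, not code from the original page). The token is removed from the session when it is consumed, so no leftover value such as 0 remains for a later request to match. The function names, the `form_token` session key and the array standing in for `$_SESSION` are assumptions made for the example.

```php
<?php
// Added example: single-use form token. The session is passed in as an array so
// the script runs from the CLI; in a page, pass $_SESSION after session_start().
// issueFormToken, consumeFormToken and 'form_token' are hypothetical names.

function issueFormToken(array &$session): string
{
    // 128 bits from the CSPRNG instead of a small mt_rand() range.
    $session['form_token'] = bin2hex(random_bytes(16));
    return $session['form_token']; // emit as the hidden "scode" field
}

function consumeFormToken(array &$session, $submitted): bool
{
    $expected = $session['form_token'] ?? null;
    // Remove the token before deciding, so each token is usable at most once
    // and no sentinel value (such as 0) is left behind to compare against.
    unset($session['form_token']);
    if (!is_string($expected) || !is_string($submitted)) {
        return false; // nothing issued, already consumed, or array input
    }
    // Constant-time comparison of two strings, no type juggling.
    return hash_equals($expected, $submitted);
}

// Constructed walk-through: one form render followed by four requests.
$session = [];                       // stands in for $_SESSION
$scode   = issueFormToken($session); // the submit page renders the form

$results = [
    'first submit'     => consumeFormToken($session, $scode),
    'refresh (replay)' => consumeFormToken($session, $scode),
    'replay with "0"'  => consumeFormToken($session, '0'),
    'replay, no field' => consumeFormToken($session, null),
];

foreach ($results as $case => $accepted) {
    printf("%-18s %s\n", $case, $accepted ? 'processed' : 'rejected');
}
```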
```php
<?php
/* Ultimate Edition
 * PHP prevents users from refreshing the page (Refresh or Reload) and submitting the form content repeatedly.
 * Because the content of a form variable is referenced through $_POST['name'], you might think it is enough to destroy $_POST['name'] with unset() after processing the form. It is not: because the page caches the form content by default, even if $_POST['name'] is destroyed, after a refresh $_POST['name'] is assigned again and is equally valid.
 * You can use the session to solve the problem. First, assign a value to the session, such as 400. After the first successful submission, change the session value. On the second submission, check the value of this session: if it is not 400, the data in the form is no longer processed.
 * Can I set the validity period of a Session?
 */
if (isset($_POST['action']) && $_POST['action'] == 'submitted') {
    session_start();
    isset($_SESSION['num']) or die("no session");
    if ($_SESSION['num'] == 400) {
        // First submission: process it, then change the session value
        print '<pre>';
        // Escape the dump so submitted values are not rendered as HTML
        echo htmlspecialchars(print_r($_POST, true));
        print 'Please try again';
        print '</pre>';
        $_SESSION['num'] = 500;
    } else {
        // Session value is no longer 400: this is a repeated submission
        print '<pre>';
        echo htmlspecialchars(print_r($_POST, true));
        echo "However you have submitted";
        print '</pre>';
    }
} else {
    session_start() or die("session is not started");
    $_SESSION['num'] = 400;
?>
<!-- form that posts action=submitted goes here -->
<?php
}
?>
```