仅允许从表单而不是直接访问PHP脚本 [英] Only allow access to PHP scripts from a form, not directly

查看:52
本文介绍了仅允许从表单而不是直接访问PHP脚本的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

作为PHP的新手,我可能并没有采用正确的形式,但是这种方式在某种程度上对我有用.以下是我的设置/

Being a novice with PHP, I may not be taking the correct route with forms but this way works for me, up to a point. Below is an example of my setup/

我在www.foo.com/add.php上有一个表单,该表单需要管理员才能登录到会话.该表单将数据插入数据库.提交后,将操作设置为 action ="scripts/add.php" ,然后使用PHP标头函数将其重定向到 www.foo.com/done.php .

I have a form at www.foo.com/add.php, which needs an admin to be logged in to the session. The form inserts data into a database. Once it is submitted, the actions is set to action="scripts/add.php" and then that is redirected using a PHP header function to www.foo.com/done.php.

我想知道的是,您是否可以拒绝直接访问脚本文件,例如如果您在网络浏览器中转到脚本文件,它是否可以在数据库中输入空行或可能导致其他一些安全问题?

What I want to know is, can you deny access to the script file directly, e.g. if you go to the script file in a web browser it could enter an empty row into the database or possibly cause some other security issues?

推荐答案

如果表单是使用 POST 方法提交的( method ="post" >< form> ),您仍然可以仅在POST请求上执行脚本,只需在顶部添加以下代码即可:

If the form is submitted using POST method (with attribute method="post" in <form>), you can still execute your script only on POST requests, by adding this at the top:

 if ($_SERVER['REQUEST_METHOD'] != 'POST') {
   exit;
 }

这篇关于仅允许从表单而不是直接访问PHP脚本的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆