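有時候為了避免安全問題,我們需要檢查提交表單的來源。下面是我寫的例子:比較 HTTP Referer 與本頁網址,只接受由本頁自身提交的表單傳值。需要注意,Referer 由客戶端提供,可能被省略,也可能被非瀏覽器客戶端任意設定,因此這種檢查只能作為輔助手段,較可靠的做法是搭配每個 session 的 CSRF token。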
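<?php
/*
 * Referer self-check demo: on POST, report whether the request's Referer
 * header equals this script's own URL.
 *
 * Security notes:
 * - The Referer header is supplied by the client and is optional. Browsers,
 *   proxies or a Referrer-Policy may strip it, and a non-browser client can
 *   send any value. Treat this check as a supplementary signal only; a
 *   per-session anti-CSRF token compared with hash_equals() (plus SameSite
 *   cookies) is the robust control.
 * - HTTP_REFERER and PHP_SELF carry request-derived text (PHP_SELF includes
 *   any trailing path info), and SERVER_NAME may reflect the Host header
 *   depending on server configuration, so every value is HTML-escaped before
 *   it is echoed.
 */

/**
 * Build the absolute URL of the current script from server variables.
 *
 * @param array<string, mixed> $server Typically $_SERVER.
 * @return string Scheme, host and script path; no port and no query string.
 */
function selfUrl(array $server): string
{
    // The scheme used to be hard-coded to "http://", which can never equal the
    // Referer of a page served over HTTPS.
    // NOTE(review): behind a TLS-terminating proxy HTTPS may be unset; confirm
    // against the deployment.
    $https = $server['HTTPS'] ?? '';
    $isHttps = is_string($https) && $https !== '' && strtolower($https) !== 'off';
    $scheme = $isHttps ? 'https' : 'http';

    $host = (string) ($server['SERVER_NAME'] ?? '');
    $path = (string) ($server['PHP_SELF'] ?? '');

    return "{$scheme}://{$host}{$path}";
}

/**
 * Tell whether a Referer value is exactly the expected URL.
 *
 * A missing, empty or non-string Referer never matches, so a request without
 * the header is rejected instead of raising an undefined-index warning.
 *
 * @param string $expected URL the form is expected to be posted from.
 * @param mixed  $referer  Raw Referer value, or null when the header is absent.
 */
function refererMatchesSelf(string $expected, mixed $referer): bool
{
    return is_string($referer) && $referer !== '' && $referer === $expected;
}

$referer = $_SERVER['HTTP_REFERER'] ?? null;
$src = selfUrl($_SERVER);

// Debug output: URI of the previous page, then the URL it is compared with.
echo htmlspecialchars((string) $referer, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br />";
echo htmlspecialchars($src, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (refererMatchesSelf($src, $referer)) {
        echo "匹配成功";
    } else {
        echo "匹配不成功";
    }
} else {
    echo "請提交表單";
}
?>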
<form method="post" action="">
<input name="name" type="text">
<input type="submit" value="提交">
</form>