drgawfsf1069 2010-10-26 09:14
浏览 48
已采纳

PHP安全:将POST发送到相同的URL =坏?

I had a response on a question yesterday about sending POST data to the same page with the Post-Redirect-Get pattern like this:

if (isset($_POST['Submit'])) {
    // prevent resending data
    header("Location: " . $_SERVER['PHP_SELF']);
}

Someone replied: sending data to same PHP page from Javascript, no AJAX or forms

It is extremely important for the purposes of web security that a POST cannot be sent via a simple URL.

Now I would like to know what is wrong with this? I want to avoid using a separate page with the confirmation message, because it just breaks the user experience and from a design POV it is a no-go.

  • 写回答

3条回答 默认 最新

  • dqwr32867 2010-10-26 09:17
    关注

    It is extremely important for the purposes of web security that a POST cannot be sent via a simple URL.

    I think the person who said this might have misunderstood either you or web security.

    There's nothing wrong with using the same URL for different request methods (GET, POST, PUT, DELETE, HEAD etc). In fact, it's a very good idea.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 如何用stata画出文献中常见的安慰剂检验图
  • ¥15 c语言链表结构体数据插入
  • ¥40 使用MATLAB解答线性代数问题
  • ¥15 COCOS的问题COCOS的问题
  • ¥15 FPGA-SRIO初始化失败
  • ¥15 MapReduce实现倒排索引失败
  • ¥15 ZABBIX6.0L连接数据库报错,如何解决?(操作系统-centos)
  • ¥15 找一位技术过硬的游戏pj程序员
  • ¥15 matlab生成电测深三层曲线模型代码
  • ¥50 随机森林与房贷信用风险模型