I have page.php which receives POST data, it's located in a known position. How can I obtain the url of each page that sends data to page.php via POST, or how can I block/allow POST data from certain sites?
阻止某些站点的POST数据
- 写回答
- 好问题 0 提建议
- 追加酬金
- 关注问题
分享- 邀请回答
-
2条回答 默认 最新
- drn5375 2013-10-13 11:46关注
You can (although not reliably) get the URL of the referring page via
$_SERVER['HTTP_REFERER']. There are, however, a number of situations where this will be blank (most commonly when coming from an HTTPS site).The only reliable way to limit which sites can cause a browser to submit data to your script which will be accepted is to implement protection against CSRF and stop all sites that are not your site.
Generate a random token. Store that token in a cookie or session. Store it in a hidden input in the form. When the form is submitted, check if the token in the form matches the token in the cookie/session. If it doesn't, then the form that submitted the data was not on your site.
I use PayPal IPN, so I need to check if POST comes from PayPal
You're trying to solve this problem the wrong way.
Read Paypal's IPN documentation. They provide a means to determine if the event came from them or not.
- PayPal HTTP POSTs your listener an IPN message that notifies you of an event.
- Your listener returns an empty HTTP 200 response to PayPal.
- Your listener HTTP POSTs the complete, unaltered message back to PayPal; the message must contain the same fields (in the same order) as the original message and be encoded in the same way as the original message.
- PayPal sends a single word back - either VERIFIED (if the message matches the original) or INVALID (if the message does not match the original).
解决 无用评论 打赏举报 分享
- 2018-12-01 18:08回答 1 已采纳 Christoph Lütjen pointed out that according to this it should be new MultipartFormDataSection("dat
- 2015-06-17 08:51回答 1 已采纳 是系统内部的吗?直接用函数调用不就行了?为什么要用http的方式呢?
- 2015-01-10 03:53回答 4 已采纳 encodeURIComponent编码下发送的内容试试,应该是乱码了导致你的服务器出问题,你的回调函数里面又没有判断服务器错误的代码,就相当于没反应了 ``` xmlhttp.send
- 2021-06-21 09:12敏感词将过滤成*星号新增系统安装时php版本小于7.0环境下检测always_populate_raw_post_data是否支持新增开启打印、导出EXCEL功能新增域名绑定分站,后台新增域名管理板块新增、调整部分标签,使用更直观更合理新增...
- 2017-02-09 02:12回答 4 已采纳  这里看改成utf-8试下,总感觉你这的utf8会出错
- 2015-04-27 11:56回答 5 已采纳 $array1= array(); $array2= array(); foreach($_POST as $key => $value){ echo $ke
- 2017-02-16 21:23回答 2 已采纳 If you are using PHP version >5.4, use as per below changes Yii:$app->request->post('for
- 2023-03-17 11:10二零久八的博客 此指令描述了PHP注册GET, POST, Cookie, 环境 和 内置变量的顺序 (各自使用G, P, C, E 和 S , 一般使用 EGPCS 或 GPC). 注册使用从左往右的顺序, 新的值会覆盖旧的值.mysqli_connect()默认的端口号. 如果没有设置, ...
- 2018-05-21 00:06回答 1 已采纳 EDIT: Ok, how about something like this? //javascript var toPost = {}; $("input").each(function()
- 2018-07-19 02:33回答 13 已采纳 ``` data: 'name=john' 这个不是json 应该是 name:'john' ```
- 2017-07-27 02:42回答 2 已采纳 服务端是通过客户端传过来的sessionID,来获取session数据的,通常浏览器会通过cookies把sessionid传到服务端(也可以手动设置),这是前提; 而你这段代码,服务端是接收到
- 2023-08-15 04:50Rek'Sai的博客 我们可以通过我们自定义的函数方式,搭配php的版本和可替换函数绕过WAF的拦截,达到免杀的目的!...它通常可以保护 Web 应用程序,使其免受跨站点伪造跨站点脚本 (XSS)、文件包含、SQL 注入及其他一些攻击的影响。
- 2019-04-22 03:33回答 2 已采纳 Can you try to run this code in your local machine? Make a file name 55788817.php and paste this
- 2022-11-23 16:07樂稚的博客 php基础
- 2023-12-08 10:56PHP代码的博客 顺手记录下自己简单整理的 php 面试知识点,希望对你多有帮助!仅供参考!!!Nginx 是一个开源的” 高性能代理服务器 (可以处理数千个并发且迅速响应)”,采用异步非阻塞的事件驱动模型实现了高可用(高性能、低...
- 没有解决我的问题, 去提问
悬赏问题
- ¥20 模型在y分布之外的数据上预测能力不好如何解决
- ¥15 processing提取音乐节奏
- ¥15 gg加速器加速游戏时,提示不是x86架构
- ¥15 python按要求编写程序
- ¥15 Python输入字符串转化为列表排序具体见图,严格按照输入
- ¥20 XP系统在重新启动后进不去桌面,一直黑屏。
- ¥15 opencv图像处理,需要四个处理结果图
- ¥15 无线移动边缘计算系统中的系统模型
- ¥15 深度学习中的画图问题
- ¥15 java报错:使用mybatis plus查询一个只返回一条数据的sql,却报错返回了1000多条