如果$ _POST变量丢失了怎么办？

What should an application do, if a $_POST variable is missing, which is required to perform the action?

For example, imagine I have a form with an <input name="title"> and I have some page, which processes the resulting POST request. Now, what should this page do, if it gets a request, but no $_POST['title'] variable was set?

To make it clear: By "not set" I mean, that an invalid request is made, which a normal user cannot do, only somebody making a manual request to my form processing page, i.e. somebody trying to do things with my site, I don't want it to be done with.

Some possibilities:

Just die.
Print a fancy error message, like you would do, it the field were just empty.
Block further requests from this IP.

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

4条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
douzhu6149 2011-03-29 18:26
关注
I tend to favour the redirect. If someone is coming from somewhere they shouldn't be coming from, or doing something they shouldn't be doing - I just take them someplace else, silently and without fuss.

If you fill in my form and it doesn't validate server side, I take you back to the form, point out your mistakes, pre-fill it with your values and encourage you to try again.

If you don't fill in my form and it doesn't validate server side, I either do the same as above, or I just dump you on the form page as though it never happened.

The important thing is that if you don't want people to be able to directly POST data to a page, that you stop them from doing so - its less important what you actually do with the user since they are clearly using your site in an unnatural way. They are probably automated bots and could not care less what happened to them anyway, especially if you're talking about some form that could be construed as something that might allow comments or otherwise publish some text to a site. The spammers just LOVE those.

On that note - you should of course take care to protect your site from bots that can recognise what a valid POST looks like and spoof it. Something like ReCaptcha does the trick, but there are many ways to do it.

本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

查看更多回答(3条)

报告相同问题？

关注问题

如果$ _POST变量丢失了怎么办？ php
2011-03-29 16:28

回答 4 已采纳 I tend to favour the redirect. If someone is coming from somewhere they shouldn't be coming from,
在使用$ _POST单击检查按钮后，使用$ _POST方法以前设置的数组变量将丢失 php
2013-04-27 03:59

回答 1 已采纳 an Idea, you need to store it in session. it seems you get $_POST['user'] from previous page/reque
在页面中丢失$ _SESSION变量 php
2015-03-27 08:25

回答 2 已采纳 This never happend in my life before. I copied the code from 2.php and pasted it in another file,
php删除$_post,关于php：清理$ _POST变量
2021-04-10 10:29

大乘虚怀苦的博客我正在尝试提出一种方法，可以通过一个函数有效轻松地清除所有POST和GET变量。这是函数本身：//clean the user's inputfunction cleanInput($value, $link = ''){//if the variable is an array, recurse into itif...
单击按钮后$ _SESSION变量丢失 html mysql php
2013-05-14 09:19

回答 4 已采纳 You're saying $hideval = $_GET['q']; and <form id="custform" method="post" action="<?php
PHP - 丢失$ _SESSION变量索引 php
2014-11-03 01:19

回答 1 已采纳 Mate, there is no any errors in your scripts! Actually this is exactly the expected behavior. Whe
使用header（）重定向后会话变量丢失 php
2017-04-26 04:58

回答 2 已采纳 It's because you are using $fist_name rather than $first_name. And edit your echo part <?php
php $_request 取不到值,PHP $_POST$_REQUEST获取不到参数原因
2021-04-23 15:48

weixin_39627751的博客 PHP $_POST$_REQUEST获取不到参数原因PHP $_POST,$_REQUEST获取不到参数原因首先了解下《$_POST，$HTTP_RAW_POST_DATA 和 php://input 的区别》之间的区别：标签的 enctype 属性：1：application/x-...
PHP变量在范围问题中丢失 php
2013-09-28 18:06

回答 2 已采纳 Here was one approach I came up with... I don't know if this is good or right! :) addeed: public
如何在不丢失变量值的情况下使用多个表单？ html mysql php
2017-05-02 11:25

回答 1 已采纳 The problem is here is that you are using two FORM tags. If the first form sent its value, the sec
通过php在页面之间传递变量时遇到问题 php sql
2013-07-17 16:23

回答 2 已采纳 You need to name your submit button to formSubmit to make the if statement return true. Change you
PHP $_POST,$_REQUEST获取不到参数原因
2020-06-22 20:23

乐杨俊的博客首先了解下《$_POST，$HTTP_RAW_POST_DATA 和 php://input 的区别》之间的区别： <form> 标签的 enctype 属性： 1：application/x-www-form-urlencoded -->默认模式，在发送到服务器之前，所有字符都会...
为什么我的构建会在我明显看到它存在时抱怨环境变量丢失了？ php
2015-05-08 23:12

回答 1 已采纳 I figured this out. Reading is always good: From the documentation "...we do not expose these
php post不存在,PHP缺少一些$ _POST值，但在php：// input中存在
2021-03-24 01:53

黑忠的博客问题是PHP的$ _POST超全局变量中没有提供某些值并且不存在这些值。我检查(使用Firebug扩展名)这些值实际上是由浏览器发送到服务器的。$ _POST被填充，但是一些值丢失了。我使用以下命令检查了原始请求：$raw_post = ...
微擎开发：全局变量$_GPC 与$_W 解析
2020-05-23 11:01

BigGod_lxj的博客全局请求变量, 获取 $_GET, $_POST, $_COOKIES 中的变量
没有解决我的问题, 去提问

悬赏问题

¥20 基于MSP430f5529的MPU6050驱动，求出欧拉角
¥20 Java-Oj-桌布的计算
¥15 powerbuilder中的datawindow数据整合到新的DataWindow
¥20 有人知道这种图怎么画吗？
¥15 pyqt6如何引用qrc文件加载里面的的资源
¥15 安卓JNI项目使用lua上的问题
¥20 RL+GNN解决人员排班问题时梯度消失
¥60 要数控稳压电源测试数据
¥15 能帮我写下这个编程吗
¥15 ikuai客户端l2tp协议链接报终止15信号和无法将p.p.p6转换为我的l2tp线路

如果$ _POST变量丢失了怎么办？

4条回答 默认 最新

悬赏问题

4条回答默认最新