drgawfsf1069 2010-10-26 09:14
浏览 48
已采纳

PHP安全:将POST发送到相同的URL =坏?

I had a response on a question yesterday about sending POST data to the same page with the Post-Redirect-Get pattern like this:

if (isset($_POST['Submit'])) {
    // prevent resending data
    header("Location: " . $_SERVER['PHP_SELF']);
}

Someone replied: sending data to same PHP page from Javascript, no AJAX or forms

It is extremely important for the purposes of web security that a POST cannot be sent via a simple URL.

Now I would like to know what is wrong with this? I want to avoid using a separate page with the confirmation message, because it just breaks the user experience and from a design POV it is a no-go.

  • 写回答

3条回答 默认 最新

  • dqwr32867 2010-10-26 09:17
    关注

    It is extremely important for the purposes of web security that a POST cannot be sent via a simple URL.

    I think the person who said this might have misunderstood either you or web security.

    There's nothing wrong with using the same URL for different request methods (GET, POST, PUT, DELETE, HEAD etc). In fact, it's a very good idea.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥50 安装pyaudiokits失败
  • ¥15 计组这些题应该咋做呀
  • ¥60 更换迈创SOL6M4AE卡的时候,驱动要重新装才能使用,怎么解决?
  • ¥15 让node服务器有自动加载文件的功能
  • ¥15 jmeter脚本回放有的是对的有的是错的
  • ¥15 r语言蛋白组学相关问题
  • ¥15 Python时间序列如何拟合疏系数模型
  • ¥15 求学软件的前人们指明方向🥺
  • ¥50 如何增强飞上天的树莓派的热点信号强度,以使得笔记本可以在地面实现远程桌面连接
  • ¥20 双层网络上信息-疾病传播