发表新帖
发表新帖

Does PHP have an authenticity token like Rails?

后端 未结
关注
1 1023
一个人的身影
一个人的身影 2020-12-30 16:08

Does PHP have its own version of the Rails authenticity token?

\" />
相关标签:
1条回答
  • 旧巷少年郎
    2020-12-30 16:32

    When outputting to form:

    $token = md5(time() . rand(1,100));
$_SESSION['token'] = $token;

<input type='hidden' name='token' value='<?=$token;?>'/>

    After POST:

    if(empty($_POST['token']) || $_POST['token'] !== $_SESSION['token']){
  exit("Bad token!");
}
unset($_SESSION['token']);
    0 讨论(0)
 看不清?
提交回复
热议问题