php/html - http_referer
我正在创建一个网站,在一个特定页面上,我想将用户返回到上一页。 我对 PHP/HTML 相当陌生,并且一直在使用一些现有代码来获取想法和帮助。
现有代码使用以下方法:
if (! empty($HTTP_REFERER))
{
header("Location: $HTTP_REFERER");
} else
{
header("Location: $CFG->wwwroot");
}
但是,当我使用此代码时,HTTP_referer 始终被视为空,并且用户重定向到根页面。 这段代码有什么明显的缺陷吗?
I am creating a website and on one particular page, am wanting to send the user back to the previous page. I am fairly new to PHP/HTML and have been using some existing code for ideas and help.
The existing code uses the following method:
if (! empty($HTTP_REFERER))
{
header("Location: $HTTP_REFERER");
} else
{
header("Location: $CFG->wwwroot");
}
However, when I use this code the HTTP_referer is always treated as empty and the user redirected to the root page. Any obvious flaws in this code?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(6)
不要依赖 HTTP Referrer 为有效字段甚至非空字段。 人们可以选择不设置此设置,从而将该变量的任何检查保留到 IF-ELSE 子句的空侧。
您可以通过在 URL 或 POST 参数中发送一个参数来防止这种情况,该参数将包含一个可用于将用户重定向回的值。
Don't rely on the HTTP Referrer being a valid or even non-empty field. People can choose to not have this set leaving any checks for that variable going to the empty side of the IF-ELSE clause.
You can guard against this by sending along a parameter in either the URL or POST parameters that would hold a value that you can use to redirect the user back to.
您需要使用:
You need to use:
isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
如果您想将用户发送回上一页并使其正常工作,而不管引荐来源是否设置正确,您可以将 GET 参数附加到 URL(或 POST)..您将需要对 URL 进行编码..类似
http://www.domain.com.au/script.php?return=http%3a%2f%2fwww.domain.com.au%2fthis-is-where-i-was%2f< /a>
您可以使用 PHP 的 urlencode() 函数。
If you wanted to send the person back to the previous page and have it work regardless of the referrer being set correctly, you can append a GET parameter to the URL (or POST).. you will need to encode the URL.. Something like
http://www.domain.com.au/script.php?return=http%3a%2f%2fwww.domain.com.au%2fthis-is-where-i-was%2f
You can use PHP's
urlencode()
function.另请注意,引用标头可能为空或丢失,因此您根本不应该依赖它。
Also note that the referer header might be empty or missing anyway, so you shouldn't rely on it at all..
你应该使用
但是查看php.ini中的register_globals配置,由于安全原因应该将其关闭。 您可以在PHP 手册网站上阅读更多信息。
You should use
However look at the register_globals configuration in php.ini, it should be turned off due to security reasons. You can read more on PHP Manual site.