刷新页面时禁止在 php 中使用 getmethod() 重复调用
我是 PHP 新手,为了学习这门语言和概念,我正在开发一个带有购物车的电子商务网站等。 在这个网站中,我有一些商品,当单击某个商品时,该商品的 id 会通过 GET 方法发送到购物车页面。使用这个 id,我将商品添加到购物车(数据库中的表)并且它工作正常。
<a href="do_shoppingcart.php?id=<?php echo "$itm_id"; ?>">
问题是;如果用户单击刷新按钮,该商品将再次添加到购物车中。您认为禁用刷新按钮或 F5 按钮是一个不错的选择吗?我必须做什么才能防止用户在刷新页面时将商品添加到购物车? 在表单中,我注意到“(isset($_POST['Submit'])){}”很有帮助,但对于 GET 方法,这不起作用。
感谢您的帮助。
I'm new to PHP and in order to learn the language and the concepts I'm working on a e-commerce website with a shopping cart, etc.
In this site I have items, when an item is clicked, the id of the item is sent via the GET method to the shopping cart page. Using this id, I add the item to the shopping cart(table in db) and it works fine.
<a href="do_shoppingcart.php?id=<?php echo "$itm_id"; ?>">
The issue is; if the user clicks the refresh button, the item is added again to the shopping cart. Do you think that disabling the refresh button or F5 button is a good option? what must i do to prevent the user from adding the item to the shopping cart when the page is refreshed?
In forms I've noticed that "(isset($_POST['Submit'])){}" is helpful, but for the GET method this doesn't work accordingly.
Your help is appreciated.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
最安全的方法(也有助于防止 CSRF 攻击)是将令牌作为隐藏字段添加到表单中。然后,在处理脚本中,仅在该令牌尚不存在时才将该项目添加到数据库中...
可以通过如下方式创建令牌:
附加到您的链接:
然后,在处理时,您可以在数据库中查询与该标记一致。
如果此查询返回结果,则不要处理任何其他内容...
The safest way (also helpful to prevent CSRF attacks) is to add a token as hidden field to your form. Then, in the processing script, only add the item to the database if that token does not exist yet...
The token could be created by something like this:
Appended to your link:
Then, when processing, you query your database for a line with that token.
If this query returns a result, don't process anything else...
您应该使用 POST 进行破坏性操作,为幂等操作保留 GET。
you should do destructive actions with POST, reserve GET for idempotent operations.