Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
233 views
in Technique[技术] by (71.8m points)

html - I am confused about PHP Post/Redirect/Get

In an article on preventing PHP form resubmissions, I read the following:

(Not quoting) This could be the page that receives the form data, for example called "form.php":

<form action="submit.php">
  <input type="text" name="user" required />
  <input type="password" name="pass" required />
  <input type="submit" value="Log in" />
</form>

The page that would process the POST data would therefore be called "submit.php". If the login went correctly, this code would run:

header('Location: /login/form.php?success=true');

However, couldn't a user just navigate to the URL above? Also, what is the purpose of the GET variable? Couldn't I just have a script at form.php that checks if the user is logged in?

At submit.php, should I save the logged in username as $_SESSION['username'], and then check if isset() at form.php? Also, since a URL with "success" in it isn't really pretty, is it economical to redirect the user once again? Should I use PHP header() or Javascript window.location.href? As you see, I'm sort of confused.

Thanks for any help.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

However, couldn't a user just navigate to the URL above?

Yes, he can. This will not cause anything bad though.

Also, what is the purpose of the GET variable?

To have some flag that represents the fact that the form has been processed successfully and you need to congratulate user.

Couldn't I just have a script at form.php that checks if the user is logged in?

Uhm, you can keep your code in the way you like. There is no any strong requirements

At submit.php, should I save the logged in username as $_SESSION['username'], and then check if isset() at form.php?

If you need to persist it across the current session - yes, do so.

Also, since a URL with "success" in it isn't really pretty, is it economical to redirect the user once again?

Redirect where. Redirection is pretty cheap thing.

Should I use PHP header() or Javascript window.location.href?

You definitely should do that in php, otherwise you'll get the troubles you're trying to avoid following PRG-way.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...