<a href="rate.php?winner=<?=$images[0]->image_id?>&loser=<?=$images[1]->image_id?>"></a>
This is my front page. The problem is that the parameters can be changed with Inspect Element before they are submitted to the PHP file.
Here is rate.php:
<?php
include('mysql.php');
include('functions.php');
// If rating - update the database
if ($_GET['winner'] && $_GET['loser']) {
// Get the winner (image_id is taken straight from the query string and concatenated into the SQL)
$result = $conn->query("SELECT * FROM images WHERE image_id = ".$_GET['winner']." ");
$winner = $result->fetch_object();
// Get the loser
$result = $conn->query("SELECT * FROM images WHERE image_id = ".$_GET['loser']." ");
$loser = $result->fetch_object();
// Update the winner score
$winner_expected = expected($loser->score, $winner->score);
$winner_new_score = win($winner->score, $winner_expected);
//test print "Winner: ".$winner->score." - ".$winner_new_score." - ".$winner_expected."<br>";
$conn->query("UPDATE images SET score = ".$winner_new_score.", wins = wins+1 WHERE image_id = ".$_GET['winner']);
// Update the loser score
$loser_expected = expected($winner->score, $loser->score);
$loser_new_score = loss($loser->score, $loser_expected);
//test print "Loser: ".$loser->score." - ".$loser_new_score." - ".$loser_expected."<br>";
$conn->query("UPDATE images SET score = ".$loser_new_score.", losses = losses+1 WHERE image_id = ".$_GET['loser']);
// Insert battle
$conn->query("INSERT INTO battles SET winner = ".$_GET['winner'].", loser = ".$_GET['loser']." ");
// Back to the frontpage
header('location: /');
}
?>
My only concern is that the parameters can be modified when the data is sent to the PHP file.
You need to add some extra validation to your code. This has nothing to do with whether you pass the data with GET or POST.
You could set a session entry for each call that defines the IDs the user is allowed to pass. It works similarly to basic CSRF protection:
It could look something like the following:
On the voting page:
<?php
// Start sessions (should always be at the top)
session_start();
// Get the image ids somehow. Let's use these as an example.
// This could just as well be strings or whatever it is you're posting
$image1 = 1;
$image2 = 2;
// Generate a cryptographically random token
$token = bin2hex(random_bytes(16));
// Store the image references in the session with the token as the key
$_SESSION[$token] = [$image1, $image2];
?>
// HTML that sends the image references and the token (important)
On the page receiving the data:
<?php
// Again, start sessions
session_start();
// Check that all parameters are there
if (!isset($_POST['winner'], $_POST['loser'], $_POST['token'])) {
die('Invalid request');
}
$winner = $_POST['winner'];
$loser = $_POST['loser'];
$token = $_POST['token'];
// Check if the session entry is set. If not, then the call didn't come from your page
if (!$token || empty($_SESSION[$token])) {
die('We have a CSRF attack');
}
// Check that both image references exist in the session. If not, then someone has changed the values.
// Cast to int and compare strictly (third argument): a loose in_array() would accept a
// string like "1 OR 1=1" as equal to 1 on PHP 7.
if (!in_array((int)$winner, $_SESSION[$token], true) || !in_array((int)$loser, $_SESSION[$token], true)) {
die('Invalid image references! We have a cheater!');
}
// Remove the token from the session so the user can't repeat the call
unset($_SESSION[$token]);
// Do your DB stuff using Prepared Statements.
This is an untested example, so it might not work out of the box, but it shows you a technique you can use.
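To show the two halves of the answer fitted together, here is a complete rate.php written as an added example (it is neither the question's nor the answer's code). It combines the per-vote session token with mysqli prepared statements, so an attacker can neither vote for a pair the server never offered nor inject SQL through the ids. Assumed, not taken from the page: mysql.php provides $conn as a mysqli connection, functions.php provides expected()/win()/loss() as used in the question, images.score is a DOUBLE, and the front page submits a POST form with hidden token, winner and loser fields.

```php
<?php
// Added example, not the original code. Assumes: mysql.php defines $conn (mysqli),
// functions.php defines expected()/win()/loss(), images.score is a DOUBLE, and the
// front page posts token/winner/loser as hidden form fields.
session_start();
include('mysql.php');
include('functions.php');

// Front-page side: bind the two ids the server chose to a fresh one-time token.
// The front page calls this and places the returned token in a hidden field.
function issue_vote_token(int $image1, int $image2): string
{
    $token = bin2hex(random_bytes(16));
    $_SESSION['votes'][$token] = [$image1, $image2];
    return $token;
}

// Receiving side: returns [winner, loser] as ints if the submission matches the pair
// bound to the token, otherwise null. The token is consumed either way, so a replayed
// or tampered request cannot be retried with the same token.
function consume_vote_token($token, $winner, $loser): ?array
{
    if (!is_string($token) || !isset($_SESSION['votes'][$token])) {
        return null;                       // never issued, or already used
    }
    $pair = $_SESSION['votes'][$token];
    unset($_SESSION['votes'][$token]);

    // Digits only, checked before casting: on PHP 7 a loose in_array() treats
    // "1 OR 1=1" as equal to 1, so raw POST strings are never compared to ints.
    if (!ctype_digit((string)$winner) || !ctype_digit((string)$loser)) {
        return null;
    }
    $winner = (int)$winner;
    $loser  = (int)$loser;
    if ($winner === $loser
        || !in_array($winner, $pair, true)
        || !in_array($loser, $pair, true)) {
        return null;                       // not exactly the pair we offered
    }
    return [$winner, $loser];
}

// Fetch one image row through a prepared statement; no string concatenation.
function fetch_image(mysqli $conn, int $id): ?object
{
    $stmt = $conn->prepare('SELECT image_id, score FROM images WHERE image_id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_object();
    $stmt->close();
    return $row ?: null;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $vote = consume_vote_token(
        $_POST['token'] ?? null, $_POST['winner'] ?? null, $_POST['loser'] ?? null
    );
    if ($vote === null) {
        http_response_code(400);
        exit('Invalid vote');
    }
    [$winnerId, $loserId] = $vote;

    $winner = fetch_image($conn, $winnerId);
    $loser  = fetch_image($conn, $loserId);
    if ($winner === null || $loser === null) {
        http_response_code(400);
        exit('Unknown image');
    }

    // Same rating update as the original, computed from stored scores only
    $winnerNew = win($winner->score, expected($loser->score, $winner->score));
    $loserNew  = loss($loser->score, expected($winner->score, $loser->score));

    // All three writes succeed together or not at all
    $conn->begin_transaction();
    $upd = $conn->prepare('UPDATE images SET score = ?, wins = wins + 1 WHERE image_id = ?');
    $upd->bind_param('di', $winnerNew, $winnerId);
    $upd->execute();
    $upd->close();
    $upd = $conn->prepare('UPDATE images SET score = ?, losses = losses + 1 WHERE image_id = ?');
    $upd->bind_param('di', $loserNew, $loserId);
    $upd->execute();
    $upd->close();
    $ins = $conn->prepare('INSERT INTO battles (winner, loser) VALUES (?, ?)');
    $ins->bind_param('ii', $winnerId, $loserId);
    $ins->execute();
    $ins->close();
    $conn->commit();

    header('Location: /');
    exit;
}
```

On the front page, replace the `<a href="rate.php?winner=...&loser=...">` link with a POST form: call `issue_vote_token($images[0]->image_id, $images[1]->image_id)` while rendering the pair and emit the result in a hidden `token` field next to hidden `winner` and `loser` fields. Because the token is stored server-side together with the only two ids it is valid for, changing the hidden fields in the browser just produces a 400; the prepared statements then make the ids inert even if a check were ever bypassed.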