日期:2014-05-17  浏览次数:20481 次

关于页面刷新重复提交的问题和isset的问题
<form action='<?php $_SERVER['PHP_SELF'] ?>' method='post'>
Picture: <input type="text" id="appimg" name="img">
URl: <input type="text" id="apphref" name="url" value="">
<input type="hidden" name="action" value="submitted">  
<input type="submit" value="submit"> 
</form>


<?php  
  if ($_SERVER['REQUEST_METHOD'] == 'POST'){
  if(isset($_POST['img']) && isset($_POST['url']))
  {  
  $img = $_POST['img'];
  $url = $_POST['url'];
  $query = sprintf('INSERT INTO pic(pic,url)'.
  'VALUES ("%s","%s")',$img,$url);
 
if(!$result = mysql_query($query))
  { 
  die('Could not insert into the database:'.mysql_error());
  }
  }
}
   
?>




为什么我填入img或者url为空,也能提交成功,if(isset($_POST['img']) && isset($_POST['url'])) 这个语句有错吗?


另外如何防止刷新重复提交,请大神帮助改下代码!!!!

------解决方案--------------------
<?php
session_start();

if ($_SERVER['REQUEST_METHOD'] == 'POST'){
if($_POST['token'] != $_SESSION['token'])
{
die('Token mismatch');
}
unset($_SESSION['token']);
if($_POST['img'] && $_POST['url'])
{
$img = $_POST['img'];
$url = $_POST['url'];
$query = sprintf('INSERT INTO pic(pic,url)'.
'VALUES ("%s","%s")',$img,$url);
  
if(!$result = mysql_query($query))
{
die('Could not insert into the database:'.mysql_error());
}
}
}
$token = md5(mt_rand(0, 65535));
$_SESSION['token'] = $token;

?>
<form action='<?php $_SERVER['PHP_SELF'] ?>' method='post'>
Picture: <input type="text" id="appimg" name="img">
URl: <input type="text" id="apphref" name="url" value="">
<input type="hidden" name="action" value="submitted">
<input type="hidden" name="token" value="<?php echo $token?>">
<input type="submit" value="submit">
</form>