CSRF token is only valid the first time the form is submitted via ajax

Time: 2015-08-06 15:18:27

Tags: php jquery codeigniter

I want to submit a form using jQuery ajax. It works, but only the first time I click submit. Here is my code.

// Every checkbox except the "All" one
var $others = $('input[type="checkbox"][value!="All"]');

$.each($others, function (i, v) {
    console.log(v.value);
});

You might say to set this up as follows:

<!-- input code from the form -->
<input type="hidden" name="<?php echo $this->security->get_csrf_token_name(); ?>" value="<?php echo $this->security->get_csrf_hash(); ?>" />

<!-- js code -->
$.ajax({
    url: ajaxurls.ask,
    type: 'POST',
    data: formData,
    contentType: false, // The content type used when sending data to the server.
    cache: false,       // Do not let the requested page be cached
    processData: false,
    success: function (html) {
        var data = jQuery.parseJSON(html);
        if (data.status == 'ok') {
            $('.row_question_form').after(data.response.html);
            $('.question_' + data.response.question[0].question_id).hide().fadeIn();
            $('#question_form').val('');
            $('#thumbnails').empty();
            $('#ask_question_messages').empty();
            $('#ask_question_messages').html(data.message);
        } else if (data.status == 'error') {
            $('#ask_question_messages').empty();
            $('#ask_question_messages').html(data.message);
        }
    }
});

But in that case someone could use an application like this to create hundreds of records in my database:

http://i.imgur.com/qA4pqyr.png

1 answer:

Answer 0: (score: 0)

It is correct that you can only submit one POST per CSRF Token, as they are for one-time use.

If your intention is to alter serverside data, POST is the correct method.

But if you are trying to just read data from server, you should use GET method.

This is nicely explained here.

If you want to disable CSRF renewal because it would not be necessary to generate a new token per request you can do it in CI v3.0 by setting the configuration:

$config['csrf_regenerate'] = FALSE;

If you, on the other hand, prefer to get a new token and refresh your form for a new submission, read this howto.