Question

您已经检查了this page的答案：但它使用action=""是否容易受到XSS攻击？如果是，那么没有这样的解决方案我有什么选择？

我尝试使用标题重定向。但由于我有2个表单，（在某些页面4-5表格中）标题重定向不适用于我有错误。

这是我的代码:(简体）

第一种形式：可以正常使用重定向。

<form name="ip_block" method="post" class="form-horizontal">
            <div class="form-group">
           <label class="control-label col-sm-2" for="ip"> Enter IP:</label>
            <div class="col-sm-8">
                <input type="text" name="ip" class="form-control" id="ip" />
          </div></div>
         <div class="form-group"> 
            <div class="col-sm-offset-2 col-sm-8">
            <button type="submit" class="btn btn-default" 
            name="ip_block_add">Submit</button>
               </div></div>
             </form> 
        <?php
          if(isset($_POST['ip'])){
              if($IP = filter_input(INPUT_POST, 'ip', 
                FILTER_SANITIZE_STRING)){
              $add_ip = $mysqli->prepare("INSERT INTO block_ip(b_ip) 
                VALUES(?)");
              $add_ip->bind_param("s",$IP);
              $add_ip->execute();
              $add_ip->store_result();
              $add_ip->close();
             header("refresh:5;url=./admin-security.php");// avoiding form 
                 resubmission
             echo 'Added successfully';
              }
              else {
                    echo 'failed to insert';
              }
          }
        ?>

表格2：

 <form name="clear_data" method="post">
            <input type="hidden" name="data_clear" value="1"/>
            <button type="submit" class="btn btn-warning">Clean Data</button>
        </form>
                 <?php
              if(isset($_POST['data_clear'])){
              if($mysqli->query("CALL clear_old_data")){ 
              header("refresh:5;url=./admin-security.php");// avoiding form resubmission
              echo 'operation successfull'; 
              }   
       else
       {
         echo 'database failure';
          }
        }
      //----
    ?>

对于第二种形式，我得到像这样的错误

警告：无法修改标头信息 - 已由
发送的标头

对于第二种形式我在echo之前使用标题仍然无法正常工作。 reference，我也尝试使用javascript，但失败了。

 echo "<script>setTimeout('window.location.href='./admin-
 security.php';',4000);</script>";

已更新与Dainis Abols的想法：但表单重新提交选项仍在页面刷新上显示

            <form name="clear_data" method="post">
            <input type="hidden" name="data_clear" value="1"/>
            <?php
               $var=111;
               $_SESSION['var']=$var;
               ?>
            <input type="hidden" value="<?php echo $var; ?>" name="varcheck" 
              />
            <button type="submit" class="btn btn-warning">Clean 
                  Data</button>
                   </form>
                 <?php
              if(isset($_POST['data_clear']) && 
            ($_POST['varcheck']==$_SESSION['var'])){
             // Some code
             }

Answer 1

我宁愿使用ajax将数据发送到数据库，而不提交表单，并且在成功时我会使用js重定向到/admin-security.php。在这种情况下，无法两次发送数据。

这是PHP代码：

<div class="form-horizontal">
        <div class="form-group">
       <label class="control-label col-sm-2" for="ip"> Enter IP:</label>
        <div class="col-sm-8">
            <input type="text" name="ip" class="form-control" id="ip" />
      </div></div>
     <div class="form-group"> 
        <div class="col-sm-offset-2 col-sm-8">
       <button type="button" onClick="send_form()" class="btn btn-default" 
        >Submit</button>
           </div></div>
         </div>

HTML：

<script>
function send_form() {
  $.ajax({
     url: "./admin-security.php",
     type: "POST",
     data: {
       ip: $("#ip").val()
     },
     success: function(response) {
          if(response==1) {
              alert("Done");
              location.href = "./admin-security.php";
          }
          else alert("Fail!");
      }
  });
 }

使用JQuery编写的AJAX

book3 = xlrd.open_workbook('./data/excel1.xlsx')
sheet3 = book3.sheet_by_index(0)
for row_index in range(7, sheet3.nrows):
    row = sheet3.row_values(row_index)
    area_row = row[0] or area_row
    row[0] = area_row
    if len(fourrows) == 5:
       fourrows=[]
    fourrows.append(row)
    fourrows_transpose=list(map(list, zip(*fourrows)))
    val3 = sheet3.cell_value(rowx=0, colx=9)
    user3 = User.objects.filter(corporation_id=val3).first()
    if user3:
       area = Area.objects.filter(name="America").first()
       pref = Prefecture.objects.create(name="prefecture", area=user3.area)
       city = City.objects.create(name="city", prefecture=pref)
       price_u1000 = Price.upper1000.objects.get(city=city)
       price_500_1000 = Price.from500to1000.objects.get(city=city)
       price_u500 = Price.under500.objects.get(city=city)

       pref.name = "NY"
       pref.save()

         for i in range(2,len(fourrows_transpose)):
             city.name = fourrows_transpose[i][1]
             city.save()
             print(fourrows_transpose[i][1])

             price_u1000.name = fourrows_transpose[i][2]
             price_u1000.save()
             print(fourrows_transpose[i][2])

             price_500_1000.name = fourrows_transpose[i][3]
             price_500_1000.save()
             print(fourrows_transpose[i][3])

             price_u500.name = fourrows_transpose[i][4]
             price_u500.save()
             print(fourrows_transpose[i][4])

PHP阻止在同一页面上提交多个表单的重新提交

1 个答案: