安全原因 PHP
[英]Security Reasons PHP
问题描述
After a successfull login, the user will be send to the page that correspondens to him.
登录成功后,用户会跳转到他对应的页面。 So I made that with an header('Location: URL?id=$id)所以我用header('Location: URL?id=$id)
What can I do that the ID will be hidden in the url.我该怎么做才能使 ID 隐藏在 url 中。 So that the user can't change the ID ont the URL?这样用户就不能更改 URL 上的 ID? For example I'm logged in as a normal User with my id from the database 63 so un the url is display, page.php?id=63例如,我以普通用户身份登录,我的 id 来自数据库 63,因此显示 url, page.php?id=63
Now when the user changes the id to 64, he will se the page from the user with the id 64. Due security reason I will change that before to make the site online.现在,当用户将 id 更改为 64 时,他将从 id 为 64 的用户那里获取页面。出于安全原因,我将在此之前更改它以使站点在线。
How can I hidden the id in the URL by sending the user with an header('Location:')如何通过向用户发送header('Location:')来隐藏 URL 中的 id
Thank you guys !感谢你们 !
1 个解决方案
解决方案1
1 2021-01-31 14:51:03
Instead of stroing the id in the URL, you can store it in a session variable.您可以将其存储在 session 变量中,而不是在 URL 中存储 id。
You can start a session by using the following:您可以使用以下命令启动 session:
session_start();
And you can assign session variables using:您可以使用以下方法分配 session 变量:
$id = x; #id taken from database. change x to the database variable
$_SESSION["id"] = $id;
Replace 123 with the database user id variable.将123替换为数据库用户 ID 变量。
Also add session_start() to pages where you would want to use the $_SESSION variable.还将session_start()添加到您想要使用$_SESSION变量的页面。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.