


Being a novice with PHP, I may not be taking the correct route with forms but this way works for me, up to a point. Below is an example of my setup/

我在www.foo.com/add.php上有一个表单,该表单需要管理员才能登录到会话.该表单将数据插入数据库.提交后,将操作设置为 action ="scripts/add.php" ,然后使用PHP标头函数将其重定向到 www.foo.com/done.php .

I have a form at www.foo.com/add.php, which needs an admin to be logged in to the session. The form inserts data into a database. Once it is submitted, the actions is set to action="scripts/add.php" and then that is redirected using a PHP header function to www.foo.com/done.php.


What I want to know is, can you deny access to the script file directly, e.g. if you go to the script file in a web browser it could enter an empty row into the database or possibly cause some other security issues?

如果表单是使用 POST 方法提交的( method ="post" >< form> ),您仍然可以仅在POST请求上执行脚本,只需在顶部添加以下代码即可:

If the form is submitted using POST method (with attribute method="post" in <form>), you can still execute your script only on POST requests, by adding this at the top:
