Form action running without click input
I want the code in the form action to run when I click the input button, but it works every time I refresh the page.
<form name="musluk" method="POST" action="<?php $res=mysqli_query($link,"UPDATE kullanicilar SET kredi= kredi +$musluk WHERE id=".$_SESSION['id']);?>">
<input name="musluk" type="submit" class="btn btn-primary" value="Kazancı Al">
</form>
Solution 1:[1]
Add a random nonce (number only used once or something like this), like a number with 5 digits, in a hidden input field, and store it in the $_SESSION. When calling the script in action, check if the correct nonce number was sent before running the script.
<?php
// random_int() draws from the system CSPRNG; this range gives 5 digits
$nonce = random_int(10000, 99999);
$_SESSION["nonce"] = $nonce;
?>
<input type="hidden" name="nonce" value="<?php echo $nonce ?>">
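And in the action script run:
// Compare as strings; the session value was stored as an integer
if (isset($_POST["nonce"], $_SESSION["nonce"]) && 0 === strcmp($_POST["nonce"], (string) $_SESSION["nonce"])) {
    unset($_SESSION["nonce"]); // used once: a refresh cannot replay it
    runSuperCode(); // placeholder for the code that should run on click
}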
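The single-use token check described in the answer, applied to the question's form, as an added example that is not part of the original question or answer. PHP placed inside the `action` attribute is executed every time the page is rendered, so here the UPDATE moves into a POST handler. The example assumes `$link` (an open mysqli connection), an integer `$musluk` and `$_SESSION['id']` are set up as in the question; `issue_form_token()` and `consume_form_token()` are hypothetical helper names.

```php
<?php
// Added example. $link, $musluk and $_SESSION['id'] are assumed to exist
// as in the question; the two helper functions are hypothetical names.
session_start();

function issue_form_token(): string
{
    // 16 bytes from the CSPRNG, hex-encoded to 32 characters.
    $token = bin2hex(random_bytes(16));
    $_SESSION['nonce'] = $token;
    return $token;
}

function consume_form_token($submitted): bool
{
    $expected = $_SESSION['nonce'] ?? null;
    // Invalidate before comparing so the token is single use even when
    // the check fails; a browser refresh resends a token that is gone.
    unset($_SESSION['nonce']);
    return is_string($expected)
        && is_string($submitted)
        && hash_equals($expected, $submitted); // constant-time compare
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (consume_form_token($_POST['nonce'] ?? null)) {
        // Bound parameters instead of concatenating values into the SQL.
        $stmt = mysqli_prepare(
            $link,
            'UPDATE kullanicilar SET kredi = kredi + ? WHERE id = ?'
        );
        $amount = (int) $musluk;
        $userId = (int) $_SESSION['id'];
        mysqli_stmt_bind_param($stmt, 'ii', $amount, $userId);
        mysqli_stmt_execute($stmt);
    }
}

// A fresh token is issued for every rendering of the form.
$nonce = issue_form_token();
?>
<form name="musluk" method="POST">
  <input type="hidden" name="nonce"
         value="<?php echo htmlspecialchars($nonce, ENT_QUOTES, 'UTF-8'); ?>">
  <input name="musluk" type="submit" class="btn btn-primary" value="Kazancı Al">
</form>
```

With no `action` attribute the form posts back to the same page, so the handler and the form can live in one file.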
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Dharman |
