Hello Every body.
My toturial today how to make token input in the send data
by form to the database by using php mysql it's so easily and useful .
most people why use it or what's token take me to more secure.
i answer :
Did you ever think when you create for example add a new article
you are need article name and content, However you send data usually
create if statement to check the user press on the submit button after this the system will insert data
to database by mysql, ok to here nice :)
Now do you know why we are using token input
if the user press on the button and insert data .
probably the user press on the refresh button in the browser.
after this browser show user message "send again"
and user click it . one two three ..... High Load .
If you want when user press on refresh button do not show this message ok .
Easily you are should be use token .
How the token work
you are have this form
<form action="<?php echo $PHP_SELF; ?>" method="post">
<table width="50%">
<tr>
<td>Article name</td>
<td>
<input type="text" name="thread_name" value="Article name" />
</td>
</tr>
<tr>
<td>Article content</td>
<td>
<textarea name="thread_content" cols="4"></textarea>
</td>
</tr>
<tr>
<td>Send data</td>
<td><input type="submit" name="send" value="Submit" /></td>
</tr>
</table>
</form>
This is the normally FORM
you are ask Whats the new ?
Now. we are use the token input in the form
Of course the token input it has type "hidden"
and value we are insert the hash value by md5 and some functions
<?php
$token = $_SESSION['token'] = md5(uniqid(mt_rand(),true));
?>
<form action="<?php echo $PHP_SELF; ?>" method="post">
<table width="50%">
<tr>
<td>Article name</td>
<td>
<input type="text" name="thread_name" value="Article name" />
</td>
</tr>
<tr>
<td>Article content</td>
<td>
<textarea name="thread_content" cols="4"></textarea>
</td>
</tr>
<tr>
<td>Send data</td>
<td><input type="submit" name="send" value="Submit" />
<input type="hidden" name="token" value="<?php echo $token; ?>" />
</td>
</tr>
</table>
</form>
I hope to here you are known what's i do
Now in the send data to database
you should be using this way
<?php
if($_POST['send']){
if(isset($_SESSION['token']) && $_POST['token'] == $_SESSION['token']){
$name = mysql_real_escape_string(strip_tags(addcslashes($name)));
$content = mysql_real_escape_string(strip_tags(addcslashes($content)));
$insert = mysql_query("insert into threads('name','content') values ('$name','$content')");
if($insert){
echo "The article has been added successfully thank you";
}
}else{
echo "You are not humman";
}
}
?>
To here i completed the toturial and this the first toturial in english language becuase i'm from arab
and thank you all
Regard, Mohamed Alhussaini