session中token标识用于防止表单重复提交
<?php
/**
A token is generally used in two places:
1. Preventing duplicate form submission
2. Anti-CSRF (cross-site request forgery) protection
*/
// Start (or resume) the session; the token lives in $_SESSION['token'].
// NOTE(review): session_start() is called without options, so the session cookie's
// HttpOnly / Secure / SameSite flags come from php.ini. Confirm they are set for the deployment.
session_start();
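/**
 * Store a fresh token in the session.
 *
 * The token is 16 bytes from the CSPRNG, hex-encoded to 32 characters, which is
 * the same length and alphabet as the md5() string used before. A hash of the
 * current time is guessable by anyone who can estimate when the page was served,
 * and two calls made close together can produce the same value. Neither is
 * acceptable for a token that is also meant to stop CSRF.
 *
 * Writes $_SESSION['token']. Requires PHP 7.0+ for random_bytes().
 */
function set_token() {
  $_SESSION['token'] = bin2hex(random_bytes(16));
}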
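/**
 * Compare the submitted token with the session token, then rotate the token.
 *
 * The check fails closed: a missing, non-string or empty value on either side
 * is rejected. With a plain `===` on the raw array entries, a request carrying
 * no token against a session holding no token compared null to null and passed.
 * hash_equals() keeps the comparison time independent of how many leading
 * characters match.
 *
 * The token is replaced on every call, whether or not the check passed, so a
 * given token can be accepted at most once.
 *
 * @return bool true when the submitted token matches the session token
 */
function valid_token() {
  // NOTE(review): $_REQUEST also merges GET (and, depending on request_order,
  // cookies). The form on this page posts the token, so $_POST would be the
  // stricter source. It is kept as $_REQUEST so existing callers keep working.
  $submitted = isset($_REQUEST['token']) ? $_REQUEST['token'] : null;
  $expected = isset($_SESSION['token']) ? $_SESSION['token'] : null;

  // is_string() also rejects array input such as token[]=x, which hash_equals() cannot take.
  $matches = is_string($submitted)
    && is_string($expected)
    && $expected !== ''
    && hash_equals($expected, $submitted);

  set_token();
  return $matches;
}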
// Generate a token when the session does not hold a non-empty one yet,
// so the form rendered below always has a value to embed.
if (!(isset($_SESSION['token']) && $_SESSION['token'] != '')) {
  set_token();
}

// A POST carrying the "test" field is a form submission: check its token.
// valid_token() replaces the session token on every call, so resubmitting the
// same page (which still carries the old token) is reported as a duplicate.
// NOTE(review): both outcomes only print a message here; a real handler would
// stop processing the request when the check fails.
if (isset($_POST['test'])) {
  echo valid_token() ? '成功提交' : "重复提交,token error";
}
?>
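<?php
/*
 * Demo form. The hidden "token" field carries the current session token back
 * with the POST so the server can compare it with $_SESSION['token'].
 * The value is passed through htmlspecialchars() because it is written into an
 * HTML attribute; the output encoding should not depend on how the token was built.
 */
?>
<!DOCTYPE HTML>
<html>
<head>
   <meta charset="UTF-8">
   <title>Form表单</title>
</head>
<body>
<form method="post" action="">
  <input type="hidden" name="token" value="<?php echo htmlspecialchars($_SESSION['token'], ENT_QUOTES, 'UTF-8'); ?>">
  <input type="text" name="test" value="Default">
  <input type="submit" value="提交" />
</form>
</body>
</html>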
                    
                
                
            
        