0

在将 POST 重定向到 GET 而不传递 URL 中的变量时,是否有一种线程安全的方式来传递变量?

我想要达到的就是这个。我有一个页面,其中包含一个允许用户上传图像的表单。该表单由浏览器作为 POST 发送到我的服务器。如果图片上传成功,页面将被重定向到一个 GET,我想在其中显示用户刚刚上传的图片。我能想到的在两个页面之间传递变量的唯一安全方法是通过 GET 参数。

图片上传.php

$imageID = processImageUpload();

if($imageID){
    redirect("/ImageDisplay.php?uploadedImageID=".$imageID)
}

图像显示.php

$uploadedImageID = getRequestVariable('uploadedImageID');
if($uploadedImageID != FALSE){
    //Display the image just uploaded with an 'image uploaded success!' message
}

//Display all the other images

虽然这不是世界上最糟糕的事情,但将变量包含为 GET 参数有点难看。这也有点误导,好像用户在重定向页面上点击刷新会看到“图片上传成功!” 再次发送消息,即使他们还没有上传图片。

是否有另一种线程安全的方式将变量从 POST 页面传递到 GET 页面?

使用会话或 cookie 变量是不安全的,因为可能同时上传两个图像,因此可能存在竞争条件。

我以为我可以使用重定向,然后阅读引荐来源标头,例如:

  1. POST 到重定向到的 ImageUpload.php
  2. GET ImageDisplay.php&uploadedImageID=123 重定向到
  3. GET ImageDisplay.php,我将从之前的 GET 请求中读取引荐来源网址。

然而,推荐人似乎始终是保存上传表单的页面,而不是任何中间步骤。

除了作为 GET 参数之外,还有其他方法可以将变量从一个请求传递到另一个请求吗?

4

3 回答 3

1

I think that passing GET parameter is a good choice for following reason :

  • Using a GET parameter will allow you to create an independent API. Suppose user uploads 10 pics and have 10 different values for a parameter, suppose, "imageName". Now the API can be independent allowing user to make calls like :
    1. ....getImage?imageName=1
    2. ....getImage?imageName=2
    3. ....getImage?imageName=3

What you may do is just rewrite the URL after the request has been completed so that the URL doesn't look ugly with imageName parameter.

I suppose keeping data in session should be last resort. Data in session makes it very difficult for the application to scale at Runtime. A server can't be shut down for maintenance before all the sessions on that server are closed. Essentially session data creates lots of troubles.

于 2012-12-26T05:04:55.450 回答
1

我建议的方法很丑陋,但它不会向用户显示查询字符串中的变量。

考虑如下修改您的ImageUpload.php文件(未经测试的代码):

$imageID = processImageUpload();

if($imageID){
    <?php
        <!Doctype html>
        <html>
            <head>
                <title>Upload successful! Redirecting...</title>
                <script type="text/javascript">
                    window.onload = function () {
                        document.getElementById("redirectionForm").submit();
                        return;
                    }
                </script>
            </head>
            <body>
                <div style="text-align: center; padding: 50px; font-style: italic;">
                    Image upload successful!
                    <br />
                    Please wait while you are redirected...
                </div>
                <form id="redirectionForm" action="ImageDisplay.php" method="post">
                    <input type="hidden" name="uploadedImageID" value="<?php echo $imageID; ?>" />
                </form>
            </body>
        </html>
    ?>
}

这将在客户端上输出一个表单,该表单反过来会将用户重定向到ImageDisplay.php以及相关的 POST 数据信息。

于 2012-12-26T05:12:22.027 回答
-1

You could set custom headers like:

header('X-UploadedImageID: 123');

You can access the headers by headers_list():

headers_list();

A var_dump() of the this would look something like:

array(2) {
  [0] =>
  string(35) "X-Powered-By: PHP/5.3.19"
  [1] =>
  string(22) "X-UploadedImageID: 123"
}

So to get the 123 you would just need to do something like:

$headers = headers_list();
echo str_replace('X-UploadedImageID: ', '', $headers[1]);

Which will give you: 123

Make sure you set these headers before you output any data and before you call your header location redirect.

Change your ImageUpload.php to:

$imageID = processImageUpload();

if($imageID){
    header('X-UploadedImageID: ' . $imageID);
    redirect("/ImageDisplay.php");
}

Change your ImageDisplay.php to:

$headers = headers_list();
$uploadedImageID = str_replace('X-UploadedImageID: ', '', $headers[1]);

if($uploadedImageID != FALSE){
    //Display the image just uploaded with an 'image uploaded success!' message
}
于 2012-12-26T05:10:42.603 回答