Complete the code to start a session in PHP.
<?php
[1];
?>
In PHP, session_start() is used to start a session or resume the current one.
Complete the code to generate a CSRF token using PHP's random_bytes function.
<?php $token = bin2hex([1](32)); ?>
random_bytes(32) generates 32 random bytes suitable for cryptographic use.
Fix the error in the code that checks if the CSRF token from POST matches the session token.
<?php
if (isset($_POST['csrf_token']) && hash_equals($_SESSION['csrf_token'], [1])) {
    // Valid token
}
?>
The CSRF token sent by the form is in $_POST['csrf_token'], so it must be compared to the session token.
Fill both blanks to create a hidden input field in an HTML form that sends the CSRF token stored in PHP session.
<input type="hidden" name="csrf_token" value="<?php echo [1]; ?>">
<?php echo [2]; ?>
Use htmlspecialchars($_SESSION['csrf_token']) to safely output the token in HTML.
Fill all three blanks to store a new CSRF token in session, generate it securely, and include it in a form.
<?php
session_start();
$_SESSION['csrf_token'] = [1];
?>
<form method="post">
    <input type="hidden" name="csrf_token" value="<?php echo [2]; ?>">
    <button type="submit">Submit</button>
</form>
<?php echo [3]; ?>
First, generate a secure token with bin2hex(random_bytes(16)) and store it in session. Then output the raw session token in the hidden input's value. Finally, echo the escaped token for safe HTML display.