dqblm40280 2012-05-14 10:33

Saving a form with Ajax + jQuery + MySQL + PHP

I was wondering about the best way to set up the following.

I have a dynamic form that can potentially get very long once a user has finished adding their data. What I was hoping to set up is a background process that saves the data they have to the database.

What I had set up was a settimer function that would check if a question is in a saved state and, if not, add it to a list of questions to save. Then it would trigger an ajax call which uses php to post to my database. The first time this happens the ajax will return the id of the submission so the form knows where to post these to.

The second time the set timer function is run it passes this id.

My biggest problem is I don't want the user to know table ids. I was just thinking someone can mess with the javascript and submit their results to other ids pretty easily.

I was just wondering if there is a better way to achieve this? Or even some examples?

Thanks


1 answer

  • doucuo1642 2012-05-14 10:44

    Generally speaking, you should probably keep the ID on the server-side in a $_SESSION variable and never let it get anywhere near the client. Alternatively, the form might contain sufficiently identifiable information to be able to determine the relevant record on the basis of some UNIQUE index.

    However, if you prefer, you could also add some cryptographic authentication to prove that the ID has not been altered by the user. For example, in addition to the ID itself, return to the client a secure hash of the ID concatenated with some secret; when the client posts back to your server both the ID and that hash, you can compare against a recalculated version of the hash to check that only someone who knew the secret (i.e. you) could have provided the client with that ID.

    In order to defeat more sophisticated attacks, you might want to add some salt:

    $salt = some_random_string();                        // placeholder: any per-request random string
    $hash = md5( md5($secret) . md5($id) . md5($salt) ); // $secret never leaves the server

    Then send to the client the hash, the ID and the salt; all three of which it will return to you for validation.

    This answer was accepted by the asker.
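The scheme from the answer (issue an ID plus a random salt and a keyed hash, verify all three on every later save) as an added example; it is not the answerer's code. It swaps the nested md5() for hash_hmac with SHA-256 and a constant-time compare, and assumes a server-side secret held in configuration (the value below is a constructed placeholder).

```php
<?php
// Added example (not from the original answer): authenticate the submission ID
// so a client cannot swap it for somebody else's record. hash_hmac/hash_equals
// replace the answer's nested md5(); the secret is assumed to come from
// server-side configuration (placeholder value, constructed for this demo).

const SERVER_SECRET = 'replace-with-a-long-random-secret-from-config';

// Called after the first AJAX save: returns what the client must echo back.
function issue_submission_token(int $id, string $secret = SERVER_SECRET): array {
    $salt = bin2hex(random_bytes(16));                 // per-submission random salt
    $mac  = hash_hmac('sha256', $id . '|' . $salt, $secret);
    return ['id' => $id, 'salt' => $salt, 'hash' => $mac];
}

// Called on every later AJAX save: recompute the MAC and compare in constant
// time. Returns the trusted ID, or null if anything was missing or altered.
function verify_submission_token(array $posted, string $secret = SERVER_SECRET): ?int {
    if (!isset($posted['id'], $posted['salt'], $posted['hash'])) {
        return null;
    }
    $id   = (string) $posted['id'];
    $salt = (string) $posted['salt'];
    if (!ctype_digit($id) || !ctype_xdigit($salt)) {
        return null;                                   // malformed input, reject early
    }
    $expected = hash_hmac('sha256', $id . '|' . $salt, $secret);
    return hash_equals($expected, (string) $posted['hash']) ? (int) $id : null;
}

// Demo with constructed values.
$token = issue_submission_token(42);
var_dump(verify_submission_token($token));             // int(42)

$tampered = $token;
$tampered['id'] = 43;                                   // client edited the ID in the JavaScript
var_dump(verify_submission_token($tampered));          // NULL
```

Only the ID returned by verify_submission_token() should be used in the UPDATE query; the session-based approach from the answer avoids round-tripping the ID entirely and is simpler where a session already exists.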
