dongyi1921
2012-06-30 08:06
浏览 36

阻止用户编辑隐藏的表单字段

I currently have a set of hidden input, the values are altered with jQuery.

echo "<input type='hidden' id='stack-information-1' value='$clickedtitle' readonly />
<input type='hidden' id='stack-information-2' value='$guidelinename' readonly />
<input type='hidden' id='stack-information-4' value='$clickedid' readonly />
<input type='hidden' id='stack-information-5' value='$starter' readonly />
<input type='hidden' id='stack-information-6' value='$category' readonly />
    <input type='hidden' id='stack-information-7' value='$sid' readonly />
    <input type='hidden' id='stack-information-8' value='$clickedposition' readonly />
    <input type='hidden' id='stack-information-9' value='0' readonly />";

I don't want the user to be able to change these values via hacking etc. This isn't valuable information, just integers and non-important strings. However what security measures do i take to prevent the user changing these values? Do i save the values in sessions?.. if so how do i access the values with jquery?

图片转代码服务由CSDN问答提供 功能建议

我目前有一组隐藏的输入,这些值是用jQuery改变的。

  echo“&lt; input type ='hidden'id ='stack-information-1'value ='$ clickedtitle'readonly /&gt; 
&lt; input type ='hidden'id ='stack-information  -2'value ='$ guidelinename'readonly /&gt; 
&lt; input type ='hidden'id ='stack-information-4'value ='$ clickedid'readonly /&gt; 
&lt; input type ='hidden'  id ='stack-information-5'value ='$ starter'readonly /&gt; 
&lt; input type ='hidden'id ='stack-information-6'value ='$ category'readonly /&gt; 
&lt;  ; input type ='hidden'id ='stack-information-7'value ='$ sid'readonly /&gt; 
&lt; input type ='hidden'id ='stack-information-8'value ='$ clickedposition  'readonly /&gt; 
&lt; input type ='hidden'id ='stack-information-9'value ='0'readonly /&gt;“; 
   
 
 <  p>我不希望用户能够通过黑客等来更改这些值。这不是有价值的信息,只是整数和非重要的字符串。 但是,我采取了哪些安全措施来防止用户更改这些值? 我是否在会话中保存值?..如果是这样,我如何使用jquery访问值? 
 
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • douwei9973 2012-06-30 08:10
    已采纳

    Storing them anywhere on the client-side will leave them open to being read.

    I suggest if they're only temporarily relevant values to store them in the session and handle them only in the backend when you process whatever call they are related to. (i.e. don't output them to the client at all).

    If your javascript needs them to make some modification to the page, that logic should be relocated to the backend and called via ajax to 'ask the server' what the js should do.

    打赏 评论

相关推荐 更多相似问题