dongyi1921 2012-06-30 08:06
浏览 38
已采纳

阻止用户编辑隐藏的表单字段

I currently have a set of hidden input, the values are altered with jQuery.

echo "<input type='hidden' id='stack-information-1' value='$clickedtitle' readonly />
<input type='hidden' id='stack-information-2' value='$guidelinename' readonly />
<input type='hidden' id='stack-information-4' value='$clickedid' readonly />
<input type='hidden' id='stack-information-5' value='$starter' readonly />
<input type='hidden' id='stack-information-6' value='$category' readonly />
    <input type='hidden' id='stack-information-7' value='$sid' readonly />
    <input type='hidden' id='stack-information-8' value='$clickedposition' readonly />
    <input type='hidden' id='stack-information-9' value='0' readonly />";

I don't want the user to be able to change these values via hacking etc. This isn't valuable information, just integers and non-important strings. However what security measures do i take to prevent the user changing these values? Do i save the values in sessions?.. if so how do i access the values with jquery?

  • 写回答

1条回答 默认 最新

  • douwei9973 2012-06-30 08:10
    关注

    Storing them anywhere on the client-side will leave them open to being read.

    I suggest if they're only temporarily relevant values to store them in the session and handle them only in the backend when you process whatever call they are related to. (i.e. don't output them to the client at all).

    If your javascript needs them to make some modification to the page, that logic should be relocated to the backend and called via ajax to 'ask the server' what the js should do.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥30 这是哪个作者做的宝宝起名网站
  • ¥60 版本过低apk如何修改可以兼容新的安卓系统
  • ¥25 由IPR导致的DRIVER_POWER_STATE_FAILURE蓝屏
  • ¥50 有数据,怎么建立模型求影响全要素生产率的因素
  • ¥50 有数据,怎么用matlab求全要素生产率
  • ¥15 TI的insta-spin例程
  • ¥15 完成下列问题完成下列问题
  • ¥15 C#算法问题, 不知道怎么处理这个数据的转换
  • ¥15 YoloV5 第三方库的版本对照问题
  • ¥15 请完成下列相关问题!