douduan5086 2011-07-21 04:59

PHP or JavaScript: which is more secure when populating a drop-down box

Which is better from a security standpoint when populating an HTML select box?

Option A: PHP

<?php echo "<select name=\"empName\" id=\"empName\" class=\"text\" style=\"width:10em;\">\n";?>
<?php include 'PHPscripts/getEmployeeNamesDB.php'?>
<?php echo "</select>\n";?>

getEmployeeNamesDB.php

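<?php
// Note: the mysql_* functions used below were removed in PHP 7.0.
$dropdown = "";
$tbl_name = "employee"; // Table name
$result = mysql_query("SELECT CONCAT_WS(' ', firstname, lastname) AS 'wholename', empid FROM $tbl_name ORDER BY lastname") or die("cannot select result DB.php");
while ($row = mysql_fetch_assoc($result)) {
    // HTML-encode database values before writing them into the markup
    $empid = htmlspecialchars($row["empid"], ENT_QUOTES);
    $name = htmlspecialchars($row["wholename"], ENT_QUOTES);
    $dropdown .= "<option value=\"$empid\">$name</option>\n";
}
echo $dropdown;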

Option B: JavaScript

Same information, except use an AJAX call to populate a JavaScript variable, then use JavaScript to make the select statement?

Security is my primary concern but I would also like to know if you can come up with any other concerns I should consider.


4 answers

  • dsarttv037029 2011-07-21 05:08

    The only security I see here is you have one more layer to deal with if you go the AJAX route. With PHP it's purely a communication between your server scripts. With AJAX you have a communication from the end user's browser over the network, which can be anything. That user can use your JS if they want and supplement the query depending on how your JS builds that query.

    This answer was selected by the asker as the best answer.
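
An added example, not part of the original thread, of the checks the accepted answer implies for the AJAX route: request text never shapes the query, response rows are escaped before they become `<option>` markup, and the submitted value is re-checked on the server. All function names, the `sort` parameter and the sample rows are assumptions, and the server-side logic is written in JavaScript here although the page's server is PHP.

```javascript
// Added example (not from the original thread). Function names, the "sort"
// parameter and the sample rows are constructed for illustration.

// Only these client-supplied sort keys are accepted; each maps to a fixed
// column name, so request text never becomes part of the SQL string.
const SORT_COLUMNS = new Map([
  ["last", "lastname"],
  ["first", "firstname"],
]);

function buildEmployeeQuery(params) {
  // Unknown or missing keys fall back to the default column.
  const column = SORT_COLUMNS.get(String(params.sort)) || "lastname";
  return "SELECT CONCAT_WS(' ', firstname, lastname) AS wholename, empid " +
         "FROM employee ORDER BY " + column;
}

// Escape text for HTML element content and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[ch]));
}

// Client side of Option B: turn the AJAX response rows into <option> markup.
function buildOptions(rows) {
  return rows.map((r) =>
    `<option value="${escapeHtml(r.empid)}">${escapeHtml(r.wholename)}</option>`
  ).join("\n");
}

// Server side, on form submit: the posted empName must be an empid the
// server itself knows, whichever option rendered the list.
function isKnownEmployee(submitted, rows) {
  return typeof submitted === "string" &&
         rows.some((r) => String(r.empid) === submitted);
}

// Constructed sample rows, including a name that carries markup.
const sampleRows = [
  { empid: 7, wholename: "Ann O'Hara" },
  { empid: 12, wholename: "<script>alert(1)</script> Lee" },
];
```

In a browser, creating each `option` element and assigning its `textContent` and `value` properties avoids building markup strings at all.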
