提交表单前,先用jquery检查$ _POST数据 [英] Check $_POST data with jquery before submitting the form
问题描述
我有一个向数据库发送用户的First Name的表格.我正在检查用户使用php中的regex发送的信息.
为了使我的项目更具交互性,我决定先验证信息jQuery,然后再将其发送到PHP.
I have a form that sends the store the First Name of the user in a database. I was checking the information send by the user using regex in php.
To make my project more interactive, I decided to validate the information jQuery before sending it to PHP.
我的项目如下:
<script type="text/javascript" src="jquery-2.2.3.min.js"></script>
<script src="http://code.jquery.com/ui/1.9.1/jquery-ui.js" type="text/javascript"></script>
<body>
<form >
<div>
<label>First Name</label>
<input name="firstname" type="text">
</div>
<div>
<input type="submit">
</div>
</form>
</body>
</html>
<script>
$(document).ready(function() {
$("form").submit(function (e) {
var firstname = $(this).find('input[name="firstname"]').val();
var regex = /^[A-Za-z0-9 \-']+$/;//Only numbers, Letters, dashes, apostrophes and spaces are accepted
if(regex.test(firstname)){
alert('Valid Name.');
}else{
alert('Invalid Name.');
e.PreventDefault();
}
});
});
</script>
现在我有2个问题:
- 在将数据存储到数据库之前,真的需要再次检查PHP中的
First Name吗? (以提高安全性) - 如何在
alert('Valid Name.');之后立即提交表单?
- Is it really need to check the
First Namein PHP again before storing the data in the database ? (To improve security) - How can I submit the form right after the
alert('Valid Name.');?
感谢您的帮助.
推荐答案
首先要记住,对用户输入的验证仅在应用程序的服务器端实现!!!您无法使用JS在客户端验证输入数据,因为它可以非常容易地传递(通过禁用javascript或使用诸如Curl之类的工具).
First of all have in mind that the validation of users input is implementing at the server side of an application only!!! You can not validate input data at client side with JS because it can be passed very easy(either by disabling javascript or by using tools like Curl).
但是,您可以增加用户体验,例如在提交表单之前验证输入或通知用户忘记填写输入.
However you can increase user experience like validate an input before submitting the form or inform the user that forgot to fill in an input.
要通知用户未填写的内容,您可以像上面一样使用新的html 5属性required
To inform the user about a not fill in input you can just use the new html 5 attribute required like above
Username: <input type="text" name="usrname" required>
required属性将不允许用户提交表单,除非他已经填写了相关的输入.
the required attribute will not let the user submit the form unless he had filled the associated input.
此外,您还可以使用maxlength属性来解决一个用例,例如密码必须包含X个最大字母.
Also you can use the maxlength attribute to address a use case like "A password must have X max letters.
Password: <input type="password" name="pass" maxlength="8" size="8"><br>
如何在服务器端验证输入
有许多技术可以在Stackoverflow上找到所有这些技术. Ι将引用投票最高的帖子如何防止PHP中的SQL注入? 可以准确回答您的问题.
There are many techniques for this and you can find all of them here at Stackoverflow. Ι will refer the top voted post How can I prevent SQL injection in PHP? which answer exactly your question.
只有两个项目符号使上面的帖子更加紧凑,我建议您以其他方式阅读
Just two bullets that compact the above post that i suggest you read otherwise
-
始终转义数据
Always escape your data
使用mysqli代替mysql
Use mysqli instead of mysql
如何在警报(有效名称")之后立即提交表单; ?
这很简单,只需使用此代码
this is very easy just use this code
<form action="action_page.php" method="post">
<div>
<label>First Name</label>
<input name="firstname" type="text">
</div>
<div>
<input type="submit">
</div>
</form>
上面的代码将使用POST方法将用户的输入发送"到action_page.php的过程中,您可以在其中使用$_POST超级球表(如$firstname = $_POST['fistsname']等)进行读取.
the above code will "send" user's input for process at action_page.php using POST method, where you can read using $_POST supergloba table like $firstname = $_POST['fistsname'] etc.
这篇关于提交表单前,先用jquery检查$ _POST数据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
