HTML隐藏的输入不应是可编辑的 [英] HTML hidden input shouldn't be editable
问题描述
我刚刚发现了一个找不到任何解决方案的错误,我希望您对此提出建议.问题是存在一些隐藏的输入类型,这些类型用于存储已经保存的数据的ID,例如每个人的ID(如果已经保存)等.
I just discovered a bug which I couldn't find any solution of, I would like your advise on that. Issue is there are a few hidden input types, which are there to store ID's of already saved data such as per person id if it is already saved etc. etc.
我只是尝试并使用Google chrome手动更改了该隐藏变量的值,然后提交了表单,但令人惊讶的是,我没有获得应有的ID,但是我收到了更改的ID.例如,有一个22值,我将其更改为263我收到了263,而我应该已经收到了22.我希望22不能超过263.
I just tried and change the value of that hidden variable manually, using google chrome and submit the form and surprisingly i did not get the id that should be there but instead i received the Id that I changed. for instance there was an value of 22 I change it 263 I received 263, whereas I should have be receiving 22. I want that 22 to come not that 263.
我很难解释,但是我已经尽我最大的努力来传达我的问题,请提供帮助并建议我如何存储一些不可编辑的隐藏值.
Its hard to explain I know but I have tried my level best to convey my issue please help and advise my on that how should I store some hidden value that are un-editable.
有什么想法吗?
推荐答案
Web开发规则#1:从不信任客户端
Rule of Web Development #1: Never trust the client
Web开发规则2:永远不要信任客户端
Rule of Web Development #2: Never trust the client
Web开发规则3:您不能使客户端值得信赖
Rule of Web Development #3: You can't make the client trustworthy
如果用户不能对其进行编辑,请不要将其提供给他们.
If the user shouldn't be able to edit it, never give it to them.
正如其他人所说,有几种方法可以处理这种情况.最常见的是在服务器上使用SESSION变量,该变量几乎随处可见.
As others have said, there are a few ways to handle the situation. The most common is to use a SESSION variable on the server, available almost everywhere.
将秘密"值存储在SESSION上.当用户发回邮件时,它们将可用.
Store the "secret" values on the SESSION. They will be available when the user posts back.
这篇关于HTML隐藏的输入不应是可编辑的的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
