形式和javascript的安全问题 [英] Security problem with form and javascript
问题描述
您好我正在开发一个HTML和javascript(jquery)的应用程序,HTML有一个表单,稍后会发送一封通过 get method 传递数据的电子邮件。
电子邮件是由服务器上的php发送的,但是直到我验证了我收到邮件服务通知时邮件未公开的收件人的表单域:并且所有字段都为空。我担心的是某人或某事正试图获取信息。任何人都可以帮忙吗?
$ b
注意如果您需要将我的代码发布,但我想知道的是有人将数据传递给我的PHP 。
您无法单独依靠javascript来进行验证,您必须验证服务器端。 b
$ b
您可能会从机器人访问。确保验证所有字段是否存在AND有效性,并使用 $ _ POST
而不是 $ _ GET
。
确保发送电子邮件的脚本无法被 $ _ GET
访问,这意味着只需输入url即可。如果输入:
http://yoursite.com/contact?email=oops&sendmail=true
它不应该能够发送电子邮件,这就是为什么我要使用 $ _ POST
。但是,如果您验证正确,则无论您使用哪种方法,都不应向您发送空值。
Hi I'm developing an application with HTML and javascript (jquery), the HTML has a form that later sends an email passing the data by get method.
The email is being sent by php on the server, but until I validated the fields of the form I received mail service notifications with mails undisclosed-recipients:; and all the fields null. My concern is that someone or something is trying to get info. Could anybody help with this.
Note if you need to put my code I can post it but what I want to know is how somebody is passing data null to my php.
You can't rely on javascript alone to do your validation, you MUST validate server side.
You're probably getting visits from bots. Make sure to validate the presence of AND validity of all your fields, and use $_POST
instead of $_GET
.
Make sure the script that sends the email cannot be accessed by $_GET
, meaning by simply typing in the url. If I type in:
http://yoursite.com/contact?email=oops&sendmail=true
It should not be able to send an email, that's why I say to use $_POST
. However, if you validate properly it should not be sending you empty values no matter which method you use.
这篇关于形式和javascript的安全问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!