HTML-如何防止用户编辑表单的值? [英] HTML - How to prevent user from editing form's value?
问题描述
我正在开发一个简单的Web应用程序,当我发现我可以使用Chrome-> Check Element编辑该表单的输入默认值并使用不同的hacked值提交页面时,允许用户使用表单键入信息.
I am developing a simple web apps that allowed user to key in information using a form when I discovered I could edit that form's input default value using Chrome -> Check Element and submit the page with a different hacked value.
代码:
<input id="radioOk_100237" name="radio_100237" type="radio" checked="" value="0">
通常,我先加载页面,然后使用Google Chrome Check Element,然后将其定位到该复选框,然后将其值更改为"9",然后再提交,在我的背景页面中,它显示为"9",而不是预设的此输入元素的"0".
As normal, I load the page then using Google Chrome Check Element, I targeted this checkbox and changed the value to "9" before submitting it, in my background page, it reads "9" instead of pre-set value of "0" from this input element.
如果每个用户都更改了值并提交,它将完全破坏我的数据库.这怎么可能?我应该在提交之前对页面进行加密或做些什么?我完全迷路了,顺便说一句,我正在使用PHP.
If every user changed the value and submit, it will completely thrashed my DB. How is this possible and am I supposed to encrypt the page or do something prior to submitting? I am totally lost, btw I am using PHP.
推荐答案
对于典型用户,您只需将readonly属性添加到表单字段即可.
For typical users, you can just add the attribute readonly to the form field(s).
对于尝试操纵服务器的更高级的用户/黑客,您需要验证所提交的每条数据,以确保捕获和拒绝篡改.对此,没有客户端技术可以防止篡改.
For more advanced users/hackers that try to manipulate your server, you need to validate every piece of data that is submitted to ensure that tampering is caught and rejected. There is no client-side technique for this that is tamper-proof.
这篇关于HTML-如何防止用户编辑表单的值?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
