通过PHP安全地重新填写张贴的表单数据 [英] Re-fill posted form data via PHP securely

问题描述

如何在发生错误时通过PHP重新填写张贴的表单数据。我有一个联系表单，用户输入一堆信息，如果一个字段没有验证，他就会失去一切。我怎样才能阻止这种情况发生并确保它是安全的？

How can I ref-fill posted form data via PHP in the event of an error. I have a contact form and the user enters a bunch of information and if one field doesn't validate, he loses everything. How can I stop this from happening and make sure it is secure?

我试过这个，但是我相信我在某个地方看不到它：

I've tried this, but believe I read somewhere it is not secure:

<input type="text" name="name" value="<?php echo $_POST['name']; ?>" />

推荐答案

$ _POST ['name'] 包含一个，那么该值可以'逃脱'出来并重写页面内容。

One issue is that if $_POST['name'] contains a ", then the value can 'escape' out and rewrite the page content.

另一个问题是，在严格错误检查开启的情况下，访问不存在的数组索引将引发 Notice 错误。

Another is that with strict error checking switched on, accessing a non-existent array index will throw a Notice error.

以下是重新填写表单数据的一种安全方式：

Here is one safe way of re-filling the form data:

<input type="text" name="name" value="<?php echo isset($_POST['name']) ? htmlspecialchars($_POST['name']) : ''; ?>" />

我个人建议通过框架处理表单显示和验证， Zend Framework中的Zend_Form（不需要为了使用表单而改变其他所有东西）它使得编写安全可读的代码变得更加简单。

I would personally recommend handling form display and validation through a framework, like Zend_Form within the Zend Framework. (You won't have to change everything else across just to use the form stuff) It makes writing safe and readable code much easier.

这篇关于通过PHP安全地重新填写张贴的表单数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！