通过PHP安全地重新填写张贴的表单数据 [英] Re-fill posted form data via PHP securely
问题描述
如何在发生错误时通过PHP重新填写张贴的表单数据。我有一个联系表单,用户输入一堆信息,如果一个字段没有验证,他就会失去一切。我怎样才能阻止这种情况发生并确保它是安全的?
How can I ref-fill posted form data via PHP in the event of an error. I have a contact form and the user enters a bunch of information and if one field doesn't validate, he loses everything. How can I stop this from happening and make sure it is secure?
我试过这个,但是我相信我在某个地方看不到它:
I've tried this, but believe I read somewhere it is not secure:
<input type="text" name="name" value="<?php echo $_POST['name']; ?>" />
推荐答案
$ _POST ['name'] 包含一个,那么该值可以'逃脱'出来并重写页面内容。
One issue is that if $_POST['name']
contains a "
, then the value can 'escape' out and rewrite the page content.
另一个问题是,在严格错误检查开启的情况下,访问不存在的数组索引将引发 Notice
错误。
Another is that with strict error checking switched on, accessing a non-existent array index will throw a Notice
error.
以下是重新填写表单数据的一种安全方式:
Here is one safe way of re-filling the form data:
<input type="text" name="name" value="<?php echo isset($_POST['name']) ? htmlspecialchars($_POST['name']) : ''; ?>" />
我个人建议通过框架处理表单显示和验证, Zend Framework中的Zend_Form(不需要为了使用表单而改变其他所有东西)它使得编写安全可读的代码变得更加简单。
I would personally recommend handling form display and validation through a framework, like Zend_Form within the Zend Framework. (You won't have to change everything else across just to use the form stuff) It makes writing safe and readable code much easier.
这篇关于通过PHP安全地重新填写张贴的表单数据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!