HTML - 如何防止用户编辑表单的值?
我正在开发一个简单的网络应用程序,当我发现我可以使用 Chrome 编辑表单的输入默认值时,允许用户使用表单输入信息 -> 检查元素并使用不同的 hacked 提交页面代码>值.
I am developing a simple web apps that allowed user to key in information using a form when I discovered I could edit that form's input default value using Chrome -> Check Element and submit the page with a different hacked value.
代码:
<input id="radioOk_100237" name="radio_100237" type="radio" checked="" value="0">
像往常一样,我加载页面,然后使用 Google Chrome Check Element,我针对此复选框并将值更改为9",然后再提交,在我的后台页面中,它显示为9"而不是预设值来自这个输入元素的0".
As normal, I load the page then using Google Chrome Check Element, I targeted this checkbox and changed the value to "9" before submitting it, in my background page, it reads "9" instead of pre-set value of "0" from this input element.
如果每个用户都更改了值并提交,它将彻底破坏我的数据库.这怎么可能,我是否应该在提交之前加密页面或做一些事情?我完全迷路了,顺便说一句,我正在使用 PHP.
If every user changed the value and submit, it will completely thrashed my DB. How is this possible and am I supposed to encrypt the page or do something prior to submitting? I am totally lost, btw I am using PHP.
推荐答案
对于典型用户,您只需在表单字段中添加属性readonly.
For typical users, you can just add the attribute readonly to the form field(s).
对于试图操纵您的服务器的更高级的用户/黑客,您需要验证提交的每条数据,以确保篡改被捕获并拒绝.对此,没有防篡改的客户端技术.
For more advanced users/hackers that try to manipulate your server, you need to validate every piece of data that is submitted to ensure that tampering is caught and rejected. There is no client-side technique for this that is tamper-proof.
相关文章