HTML - 如何防止用户编辑表单的值?

HTML - How to prevent user from editing form#39;s value?(HTML - 如何防止用户编辑表单的值?)

问题描述

我正在开发一个简单的网络应用程序，当我发现我可以使用 Chrome 编辑表单的输入默认值时，允许用户使用表单输入信息 -> 检查元素并使用不同的 hacked 提交页面代码>值.

I am developing a simple web apps that allowed user to key in information using a form when I discovered I could edit that form's input default value using Chrome -> Check Element and submit the page with a different hacked value.

代码:

<input id="radioOk_100237" name="radio_100237" type="radio" checked="" value="0"> 

像往常一样，我加载页面，然后使用 Google Chrome Check Element，我针对此复选框并将值更改为9"，然后再提交，在我的后台页面中，它显示为9"而不是预设值来自这个输入元素的0".

As normal, I load the page then using Google Chrome Check Element, I targeted this checkbox and changed the value to "9" before submitting it, in my background page, it reads "9" instead of pre-set value of "0" from this input element.

如果每个用户都更改了值并提交，它将彻底破坏我的数据库.这怎么可能，我是否应该在提交之前加密页面或做一些事情?我完全迷路了，顺便说一句，我正在使用 PHP.

If every user changed the value and submit, it will completely thrashed my DB. How is this possible and am I supposed to encrypt the page or do something prior to submitting? I am totally lost, btw I am using PHP.

推荐答案

对于典型用户，您只需在表单字段中添加属性readonly.

For typical users, you can just add the attribute readonly to the form field(s).

对于试图操纵您的服务器的更高级的用户/黑客，您需要验证提交的每条数据，以确保篡改被捕获并拒绝.对此，没有防篡改的客户端技术.

For more advanced users/hackers that try to manipulate your server, you need to validate every piece of data that is submitted to ensure that tampering is caught and rejected. There is no client-side technique for this that is tamper-proof.

这篇关于HTML - 如何防止用户编辑表单的值?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持编程学习网！