是否可以确保隐藏的表单元素未被编辑?
我正在使用 Zend 表单。我有一个表单用于向数据库添加一行,然后生成一个带有“撤消”按钮的表单,以及带有所添加行的 id 的隐藏元素。 “撤消”表单是用刚刚隐藏的元素作为发布数据发布的,但我想知道是否有一种方法可以确保它没有被修改,就像使用 Javascript 或其他东西一样,这样只有最近创建的可以删除该用户的行。这可能吗?
更多详细信息(如果需要):撤消表单的构造函数将行 id 作为参数,因此我无法添加“相同”验证器,因为我可以检查的唯一数据是“撤消”中发布的数据形式,而不是“添加”形式。 另外,我需要一个不依赖于 Javascript 的解决方案。
编辑:看起来会议是可行的方法。成功了。
I'm using Zend forms. I have a form to add a row to a database, which then generates a form with an 'Undo' button, along with a hidden element with the id of the added row. The 'Undo' form is posted with that just hidden element as the post data, but I'm wondering if there is a way to make sure that it wasn't modified, like with Javascript or something, so that only the most recently created row by that user can be deleted. Is that possible?
More details, if they are necessary: The constructor for the undo form takes the row id as a parameter, so I can't add an 'identical' validator because the only data I can check against is what was posted in the 'Undo' form, not the 'add' form.
Also, I need a solution that doesn't depend on Javascript.
Edit: Looks like sessions is the way to go. Got it working.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您唯一的选择是在后端验证表单。用户的输入不应该也不可以被信任。
您可以将 ID 存储在用户的会话中,并根据该 ID 验证输入。
Your only choice is to validate the form on the back-end. Input from the user should not and cannot be trusted.
You could store the ID in the user's session and validate the input against that.
试试这个:
http://framework. zend.com/manual/en/zend.form.standardElements.html#zend.form.standardElements.hash
Try this:
http://framework.zend.com/manual/en/zend.form.standardElements.html#zend.form.standardElements.hash