I have a simple web application so far that is written in php using the laravel framework.
到目前为止,我有一个简单的Web应用程序,使用laravel框架在php中编写。
My question is in the title: if I have a web form that has multiple SELECT elements, could somebody use javascript to append new options to that `SELECT' element and submit the form (therefore saving items that weren't suppose to options in my database?)?
我的问题在标题中:如果我有一个包含多个SELECT元素的Web表单,是否有人可以使用javascript将新选项附加到该`SELECT'元素并提交表单(因此保存不在我的选项中的项目)数据库?)?
1 个解决方案
#1
0
As the comments have suggested, it is certainly possible to append options, or even change the values of what is being submitted.
正如评论所暗示的那样,当然可以附加选项,甚至可以更改提交内容的值。
To prevent this, you can use server side validation to check what is being passed in. Laravel provides validation out of the box that makes doing this a breeze.
为了防止这种情况,您可以使用服务器端验证来检查传入的内容.Laravel提供了开箱即用的验证,使得这样做变得轻而易举。
The validation rule you want to use is in:
您要使用的验证规则是:
The field under validation must be included in the given list of values.
验证字段必须包含在给定的值列表中。
Inside your controller function that receives the request, just add this at the top to validate the request before you pass it in to your database:
在接收请求的控制器函数内部,只需在顶部添加此函数以在将请求传递到数据库之前验证请求:
$validator = Validator::make($request->all(), [
'select_input' => 'in:foo,bar',
], [
'select_input.in' => 'The option selected was not valid!',
]);
if ($validator->fails()) {
return Redirect::back()
->withErrors($validator)
->withInput();
}
You would need to add these to the top of your controller:
您需要将这些添加到控制器的顶部:
use Validator;
use Input;
use Redirect;
There's plenty more validation that you can utilise, just read the docs.
您可以使用更多验证,只需阅读文档即可。
#1
0
As the comments have suggested, it is certainly possible to append options, or even change the values of what is being submitted.
正如评论所暗示的那样,当然可以附加选项,甚至可以更改提交内容的值。
To prevent this, you can use server side validation to check what is being passed in. Laravel provides validation out of the box that makes doing this a breeze.
为了防止这种情况,您可以使用服务器端验证来检查传入的内容.Laravel提供了开箱即用的验证,使得这样做变得轻而易举。
The validation rule you want to use is in:
您要使用的验证规则是:
The field under validation must be included in the given list of values.
验证字段必须包含在给定的值列表中。
Inside your controller function that receives the request, just add this at the top to validate the request before you pass it in to your database:
在接收请求的控制器函数内部,只需在顶部添加此函数以在将请求传递到数据库之前验证请求:
$validator = Validator::make($request->all(), [
'select_input' => 'in:foo,bar',
], [
'select_input.in' => 'The option selected was not valid!',
]);
if ($validator->fails()) {
return Redirect::back()
->withErrors($validator)
->withInput();
}
You would need to add these to the top of your controller:
您需要将这些添加到控制器的顶部:
use Validator;
use Input;
use Redirect;
There's plenty more validation that you can utilise, just read the docs.
您可以使用更多验证,只需阅读文档即可。