All say that 'input hidden' is not safe, but what would be another alternative to replace the 'hidden input' and send information hidden in the form? (I use in my application php, javascrip, jquery...)
所有人都说“输入隐藏”并不安全,但是替换“隐藏输入”并发送隐藏在表单中的信息的另一种选择是什么? (我在我的应用程序中使用php,javascrip,jquery ......)
1 个解决方案
#1
2
There is nothing intrinsically unsafe with the input element with type hidden as it is, and it serves its purpose well (retain and send a hidden value along with the form). It is just as "safe" as any form control can be (prone to user tampering, etc).
输入元素的类型隐藏不存在本质上不安全的情况,并且它很好地用于其目的(保留并发送隐藏值以及表单)。它与任何表单控件一样“安全”(易于用户篡改等)。
<form method="post">
<input type="hidden" name="hiddenfield" value="xxx" />
<input type="submit" name="submit" value="Send" />
</form>
As with any other form data, however, you must properly validate its submitted value server-side, that's all there is to it.
但是,与任何其他表单数据一样,您必须正确验证其提交的服务器端值,这就是它的全部内容。
#1
2
There is nothing intrinsically unsafe with the input element with type hidden as it is, and it serves its purpose well (retain and send a hidden value along with the form). It is just as "safe" as any form control can be (prone to user tampering, etc).
输入元素的类型隐藏不存在本质上不安全的情况,并且它很好地用于其目的(保留并发送隐藏值以及表单)。它与任何表单控件一样“安全”(易于用户篡改等)。
<form method="post">
<input type="hidden" name="hiddenfield" value="xxx" />
<input type="submit" name="submit" value="Send" />
</form>
As with any other form data, however, you must properly validate its submitted value server-side, that's all there is to it.
但是,与任何其他表单数据一样,您必须正确验证其提交的服务器端值,这就是它的全部内容。