(Please disregard any security concerns you may have with this approach, I have a already taken more than enough precautions to make sure that there are no blatant vulnerabilities with this approach)
(请忽略此方法可能存在的任何安全问题,我已经采取了足够的预防措施,以确保该方法不存在明显的漏洞)
In PHP, I have many values in a table, with a few buttons to perform javascript functions associated with that row.
在PHP中,表中有许多值,其中有几个按钮用于执行与该行关联的javascript函数。
Example:
例子:
<td id="row1" record="1">
<button id="button1" onclick="aFunction($(this).parent().attr('record'))">Do a function</button>
</td>
Are there any issues (besides those of security) with this approach of storing identification variables in the HTML attributes of a table row?
在表行的HTML属性中存储标识变量的方法是否存在其他问题(除了安全性问题)?
1 个解决方案
#1
12
The W3C endorsed way to accomplish this is through HTML5 data-
attributes...
W3C通过HTML5数据属性来实现这一点。
And from a security stand point, if this data is simply the id of the record in the DB...
从安全的角度来看,如果这个数据仅仅是DB中的记录的id……
You shouldn't be relying on the obscurity of your ids as a security measure.
您不应该将id的晦涩作为一种安全措施。
As long as you have taken proper access control security measures, it should not, a security risk, be.
只要您采取了适当的访问控制安全措施,它就不应该,一个安全风险,是。
#1
12
The W3C endorsed way to accomplish this is through HTML5 data-
attributes...
W3C通过HTML5数据属性来实现这一点。
And from a security stand point, if this data is simply the id of the record in the DB...
从安全的角度来看,如果这个数据仅仅是DB中的记录的id……
You shouldn't be relying on the obscurity of your ids as a security measure.
您不应该将id的晦涩作为一种安全措施。
As long as you have taken proper access control security measures, it should not, a security risk, be.
只要您采取了适当的访问控制安全措施,它就不应该,一个安全风险,是。