HTML属性是否适合存储数据?

时间:2021-11-19 16:56:58

(Please disregard any security concerns you may have with this approach, I have a already taken more than enough precautions to make sure that there are no blatant vulnerabilities with this approach)

(请忽略此方法可能存在的任何安全问题,我已经采取了足够的预防措施,以确保该方法不存在明显的漏洞)

In PHP, I have many values in a table, with a few buttons to perform javascript functions associated with that row.

在PHP中,表中有许多值,其中有几个按钮用于执行与该行关联的javascript函数。

Example:

例子:

<td id="row1" record="1">
<button id="button1" onclick="aFunction($(this).parent().attr('record'))">Do a function</button>
</td>

Are there any issues (besides those of security) with this approach of storing identification variables in the HTML attributes of a table row?

在表行的HTML属性中存储标识变量的方法是否存在其他问题(除了安全性问题)?

1 个解决方案

#1


12  

The W3C endorsed way to accomplish this is through HTML5 data- attributes...

W3C通过HTML5数据属性来实现这一点。

And from a security stand point, if this data is simply the id of the record in the DB...

从安全的角度来看,如果这个数据仅仅是DB中的记录的id……

You shouldn't be relying on the obscurity of your ids as a security measure.

您不应该将id的晦涩作为一种安全措施。

As long as you have taken proper access control security measures, it should not, a security risk, be.

只要您采取了适当的访问控制安全措施,它就不应该,一个安全风险,是。

#1


12  

The W3C endorsed way to accomplish this is through HTML5 data- attributes...

W3C通过HTML5数据属性来实现这一点。

And from a security stand point, if this data is simply the id of the record in the DB...

从安全的角度来看,如果这个数据仅仅是DB中的记录的id……

You shouldn't be relying on the obscurity of your ids as a security measure.

您不应该将id的晦涩作为一种安全措施。

As long as you have taken proper access control security measures, it should not, a security risk, be.

只要您采取了适当的访问控制安全措施,它就不应该,一个安全风险,是。