post怎么传值比较安全-PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

post怎么传值比较安全

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 23, 2016 pm 02:04 PM

如果form表单传值的话赶紧不太安全。
比如说我要把某些参数hidden起来进行传值的话，然后我用chrome查看元素修改hidden里面的post的值的话，那么传值过去的就是我已经修改过的post值了。

不知道大家能不能看懂我的意思

回复讨论(解决方案)

可以用将军令

别开玩笑，我试过了，改完元素的话传值照样是可以传进去的

form 表单本来就是用来获取用户输入的数据用的，要传一些隐秘的数据一般不用它。

除非发送方的加密和接收方的解密都是独立控件，不然就没什么安全可言

https最安全

form 表单本来就是用来获取用户输入的数据用的，要传一些隐秘的数据一般不用它。

那像支付宝价格参数怎么传过去呢？demo里面给的是post过去的。
我现在没辙了准备把价格弄到session里面传过去了

为什么要放在 hidden 中传来传去呢？

再说你收到后就不核对一下么

再说你收到后就不核对一下么

对了，核对一下，脑子秀逗了

然后除了get和post的话像这种比较重要的数据传值的话我是真的不太清楚怎么传值，所以才来问问有经验的人

<input size="30" type="hidden" name="WIDtotal_fee" value="{wa:$order.c_price}" />

SSL

客户端其实保证不了的，你只能在服务器端做校验，看传来的对不对。

还有你说的“弄session传过去”，你搞错了吧！

price 显然不能依赖传入的值（正像你说的那样可能被篡改）
既然是需要在接收后核实，那么就没必要放到表单中去了

price 显然不能依赖传入的值（正像你说的那样可能被篡改）
既然是需要在接收后核实，那么就没必要放到表单中去了

我明白这么做肯定是非常不对的，但是我现在不知道应该怎么把price的值安全给到下一个支付页面。

现在我的传值一般用的都是get，post，session，就用过这三种方法。

楼上说的ssl传值的话说实话一点也没接触过，还是说像支付price这类关键参数都是ssl传值过去的？

curl 或 sock
肯定不会是通过用户表单提交的

在下一个页面，再算一次，价格！

在服务端根据用户购买的商品的ID再查一次数据库，进行价格计算
然后给出价格确认页面就可以了

post比get要安全，可以尝试使用AJAX

curl 或 sock
肯定不会是通过用户表单提交的

+1
不应由客户端直接传到第三方
应该提交到服务器端，再由服务器端程序做一次安全校验，再传给第三方
这样，除非采用极端手段，不然只能拦截/修改客户端->服务器端，不能拦截服务器->第三方

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

11 Best PHP URL Shortener Scripts (Free and Premium)Mar 03, 2025 am 10:49 AM

Long URLs, often cluttered with keywords and tracking parameters, can deter visitors. A URL shortening script offers a solution, creating concise links ideal for social media and other platforms. These scripts are valuable for individual websites a

Introduction to the Instagram APIMar 02, 2025 am 09:32 AM

Following its high-profile acquisition by Facebook in 2012, Instagram adopted two sets of APIs for third-party use. These are the Instagram Graph API and the Instagram Basic Display API.As a developer building an app that requires information from a

Working with Flash Session Data in LaravelMar 12, 2025 pm 05:08 PM

Laravel simplifies handling temporary session data using its intuitive flash methods. This is perfect for displaying brief messages, alerts, or notifications within your application. Data persists only for the subsequent request by default: $request-

Build a React App With a Laravel Back End: Part 2, ReactMar 04, 2025 am 09:33 AM

This is the second and final part of the series on building a React application with a Laravel back-end. In the first part of the series, we created a RESTful API using Laravel for a basic product-listing application. In this tutorial, we will be dev

Simplified HTTP Response Mocking in Laravel TestsMar 12, 2025 pm 05:09 PM

Laravel provides concise HTTP response simulation syntax, simplifying HTTP interaction testing. This approach significantly reduces code redundancy while making your test simulation more intuitive. The basic implementation provides a variety of response type shortcuts: use Illuminate\Support\Facades\Http; Http::fake([ 'google.com' => 'Hello World', 'github.com' => ['foo' => 'bar'], 'forge.laravel.com' =>

cURL in PHP: How to Use the PHP cURL Extension in REST APIsMar 14, 2025 am 11:42 AM

The PHP Client URL (cURL) extension is a powerful tool for developers, enabling seamless interaction with remote servers and REST APIs. By leveraging libcurl, a well-respected multi-protocol file transfer library, PHP cURL facilitates efficient execution of various network protocols, including HTTP, HTTPS, and FTP. This extension offers granular control over HTTP requests, supports multiple concurrent operations, and provides built-in security features.

12 Best PHP Chat Scripts on CodeCanyonMar 13, 2025 pm 12:08 PM

Do you want to provide real-time, instant solutions to your customers' most pressing problems? Live chat lets you have real-time conversations with customers and resolve their problems instantly. It allows you to provide faster service to your custom

Announcement of 2025 PHP Situation SurveyMar 03, 2025 pm 04:20 PM

The 2025 PHP Landscape Survey investigates current PHP development trends. It explores framework usage, deployment methods, and challenges, aiming to provide insights for developers and businesses. The survey anticipates growth in modern PHP versio

See all articles

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)

2 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Repo: How To Revive Teammates

4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Hello Kitty Island Adventure: How To Get Giant Seeds

4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

How Long Does It Take To Beat Split Fiction?

3 weeks agoByDDD

R.E.P.O. Save File Location: Where Is It & How to Protect It?

3 weeks agoByDDD

Hot Tools

Zend Studio 13.0.1

Powerful PHP integrated development environment

Notepad++7.3.1

Easy-to-use and free code editor

SecLists

SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.