如果form表单传值的话赶紧不太安全。
比如说我要把某些参数hidden起来进行传值的话,然后我用chrome查看元素修改hidden里面的post的值的话,那么传值过去的就是我已经修改过的post值了。
不知道大家能不能看懂我的意思
回复讨论(解决方案)
可以用将军令
别开玩笑,我试过了,改完元素的话传值照样是可以传进去的
form 表单本来就是用来获取用户输入的数据用的,要传一些隐秘的数据一般不用它。
除非发送方的加密和接收方的解密都是独立控件,不然就没什么安全可言
https最安全
form 表单本来就是用来获取用户输入的数据用的,要传一些隐秘的数据一般不用它。
那像支付宝价格参数怎么传过去呢?demo里面给的是post过去的。
我现在没辙了准备把价格弄到session里面传过去了
为什么要放在 hidden 中传来传去呢?
再说你收到后就不核对一下么
再说你收到后就不核对一下么
对了,核对一下,脑子秀逗了
然后除了get和post的话像这种比较重要的数据传值的话我是真的不太清楚怎么传值,所以才来问问有经验的人
<input size="30" type="hidden" name="WIDtotal_fee" value="{wa:$order.c_price}" />
SSL
客户端其实保证不了的,你只能在服务器端做校验,看传来的对不对。
还有你说的“弄session传过去”,你搞错了吧!
price 显然不能依赖传入的值(正像你说的那样可能被篡改)
既然是需要在接收后核实,那么就没必要放到表单中去了
price 显然不能依赖传入的值(正像你说的那样可能被篡改)
既然是需要在接收后核实,那么就没必要放到表单中去了
我明白这么做肯定是非常不对的,但是我现在不知道应该怎么把price的值安全给到下一个支付页面。
现在我的传值一般用的都是get,post,session,就用过这三种方法。
楼上说的ssl传值的话说实话一点也没接触过,还是说像支付price这类关键参数都是ssl传值过去的?
curl 或 sock
肯定不会是通过用户表单提交的
在下一个页面, 再算一次,价格!
在服务端根据用户购买的商品的ID再查一次数据库,进行价格计算
然后给出价格确认页面就可以了
post比get要安全,可以尝试使用AJAX
curl 或 sock
肯定不会是通过用户表单提交的
+1
不应由客户端直接传到第三方
应该提交到服务器端,再由服务器端程序做一次安全校验,再传给第三方
这样,除非采用极端手段,不然只能拦截/修改客户端->服务器端,不能拦截服务器->第三方

Long URLs, often cluttered with keywords and tracking parameters, can deter visitors. A URL shortening script offers a solution, creating concise links ideal for social media and other platforms. These scripts are valuable for individual websites a

Following its high-profile acquisition by Facebook in 2012, Instagram adopted two sets of APIs for third-party use. These are the Instagram Graph API and the Instagram Basic Display API.As a developer building an app that requires information from a

Laravel simplifies handling temporary session data using its intuitive flash methods. This is perfect for displaying brief messages, alerts, or notifications within your application. Data persists only for the subsequent request by default: $request-

This is the second and final part of the series on building a React application with a Laravel back-end. In the first part of the series, we created a RESTful API using Laravel for a basic product-listing application. In this tutorial, we will be dev

Laravel provides concise HTTP response simulation syntax, simplifying HTTP interaction testing. This approach significantly reduces code redundancy while making your test simulation more intuitive. The basic implementation provides a variety of response type shortcuts: use Illuminate\Support\Facades\Http; Http::fake([ 'google.com' => 'Hello World', 'github.com' => ['foo' => 'bar'], 'forge.laravel.com' =>

The PHP Client URL (cURL) extension is a powerful tool for developers, enabling seamless interaction with remote servers and REST APIs. By leveraging libcurl, a well-respected multi-protocol file transfer library, PHP cURL facilitates efficient execution of various network protocols, including HTTP, HTTPS, and FTP. This extension offers granular control over HTTP requests, supports multiple concurrent operations, and provides built-in security features.

Do you want to provide real-time, instant solutions to your customers' most pressing problems? Live chat lets you have real-time conversations with customers and resolve their problems instantly. It allows you to provide faster service to your custom

The 2025 PHP Landscape Survey investigates current PHP development trends. It explores framework usage, deployment methods, and challenges, aiming to provide insights for developers and businesses. The survey anticipates growth in modern PHP versio


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

AI Hentai Generator
Generate AI Hentai for free.

Hot Article

Hot Tools

Zend Studio 13.0.1
Powerful PHP integrated development environment

Notepad++7.3.1
Easy-to-use and free code editor

SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.

ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment

EditPlus Chinese cracked version
Small size, syntax highlighting, does not support code prompt function
