如果form表单传值的话赶紧不太安全。
比如说我要把某些参数hidden起来进行传值的话,然后我用chrome查看元素修改hidden里面的post的值的话,那么传值过去的就是我已经修改过的post值了。
不知道大家能不能看懂我的意思
回复讨论(解决方案)
可以用将军令
别开玩笑,我试过了,改完元素的话传值照样是可以传进去的
form 表单本来就是用来获取用户输入的数据用的,要传一些隐秘的数据一般不用它。
除非发送方的加密和接收方的解密都是独立控件,不然就没什么安全可言
https最安全
form 表单本来就是用来获取用户输入的数据用的,要传一些隐秘的数据一般不用它。
那像支付宝价格参数怎么传过去呢?demo里面给的是post过去的。
我现在没辙了准备把价格弄到session里面传过去了
为什么要放在 hidden 中传来传去呢?
再说你收到后就不核对一下么
再说你收到后就不核对一下么
对了,核对一下,脑子秀逗了
然后除了get和post的话像这种比较重要的数据传值的话我是真的不太清楚怎么传值,所以才来问问有经验的人
<input size="30" type="hidden" name="WIDtotal_fee" value="{wa:$order.c_price}" /> SSL
客户端其实保证不了的,你只能在服务器端做校验,看传来的对不对。
还有你说的“弄session传过去”,你搞错了吧!
price 显然不能依赖传入的值(正像你说的那样可能被篡改)
既然是需要在接收后核实,那么就没必要放到表单中去了
price 显然不能依赖传入的值(正像你说的那样可能被篡改)
既然是需要在接收后核实,那么就没必要放到表单中去了
我明白这么做肯定是非常不对的,但是我现在不知道应该怎么把price的值安全给到下一个支付页面。
现在我的传值一般用的都是get,post,session,就用过这三种方法。
楼上说的ssl传值的话说实话一点也没接触过,还是说像支付price这类关键参数都是ssl传值过去的?
curl 或 sock
肯定不会是通过用户表单提交的
在下一个页面, 再算一次,价格!
在服务端根据用户购买的商品的ID再查一次数据库,进行价格计算
然后给出价格确认页面就可以了
post比get要安全,可以尝试使用AJAX
curl 或 sock
肯定不会是通过用户表单提交的
+1
不应由客户端直接传到第三方
应该提交到服务器端,再由服务器端程序做一次安全校验,再传给第三方
这样,除非采用极端手段,不然只能拦截/修改客户端->服务器端,不能拦截服务器->第三方
Working with Flash Session Data in LaravelMar 12, 2025 pm 05:08 PMLaravel simplifies handling temporary session data using its intuitive flash methods. This is perfect for displaying brief messages, alerts, or notifications within your application. Data persists only for the subsequent request by default: $request-
cURL in PHP: How to Use the PHP cURL Extension in REST APIsMar 14, 2025 am 11:42 AMThe PHP Client URL (cURL) extension is a powerful tool for developers, enabling seamless interaction with remote servers and REST APIs. By leveraging libcurl, a well-respected multi-protocol file transfer library, PHP cURL facilitates efficient execution of various network protocols, including HTTP, HTTPS, and FTP. This extension offers granular control over HTTP requests, supports multiple concurrent operations, and provides built-in security features.
Simplified HTTP Response Mocking in Laravel TestsMar 12, 2025 pm 05:09 PMLaravel provides concise HTTP response simulation syntax, simplifying HTTP interaction testing. This approach significantly reduces code redundancy while making your test simulation more intuitive. The basic implementation provides a variety of response type shortcuts: use Illuminate\Support\Facades\Http; Http::fake([ 'google.com' => 'Hello World', 'github.com' => ['foo' => 'bar'], 'forge.laravel.com' =>
Discover File Downloads in Laravel with Storage::downloadMar 06, 2025 am 02:22 AMThe Storage::download method of the Laravel framework provides a concise API for safely handling file downloads while managing abstractions of file storage. Here is an example of using Storage::download() in the example controller:
12 Best PHP Chat Scripts on CodeCanyonMar 13, 2025 pm 12:08 PMDo you want to provide real-time, instant solutions to your customers' most pressing problems? Live chat lets you have real-time conversations with customers and resolve their problems instantly. It allows you to provide faster service to your custom
Explain the concept of late static binding in PHP.Mar 21, 2025 pm 01:33 PMArticle discusses late static binding (LSB) in PHP, introduced in PHP 5.3, allowing runtime resolution of static method calls for more flexible inheritance.Main issue: LSB vs. traditional polymorphism; LSB's practical applications and potential perfo
PHP Logging: Best Practices for PHP Log AnalysisMar 10, 2025 pm 02:32 PMPHP logging is essential for monitoring and debugging web applications, as well as capturing critical events, errors, and runtime behavior. It provides valuable insights into system performance, helps identify issues, and supports faster troubleshoot
How to Register and Use Laravel Service ProvidersMar 07, 2025 am 01:18 AMLaravel's service container and service providers are fundamental to its architecture. This article explores service containers, details service provider creation, registration, and demonstrates practical usage with examples. We'll begin with an ove
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
EditPlus Chinese cracked version
Small size, syntax highlighting, does not support code prompt function
SublimeText3 English version
Recommended: Win version, supports code prompts!
MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
SublimeText3 Linux new version
SublimeText3 Linux latest version
SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
