post怎么传值比较安全
如果form表单传值的话赶紧不太安全。
比如说我要把某些参数hidden起来进行传值的话,然后我用chrome查看元素修改hidden里面的post的值的话,那么传值过去的就是我已经修改过的post值了。
不知道大家能不能看懂我的意思
回复讨论(解决方案)
可以用将军令
别开玩笑,我试过了,改完元素的话传值照样是可以传进去的
form 表单本来就是用来获取用户输入的数据用的,要传一些隐秘的数据一般不用它。
除非发送方的加密和接收方的解密都是独立控件,不然就没什么安全可言
https最安全
form 表单本来就是用来获取用户输入的数据用的,要传一些隐秘的数据一般不用它。
那像支付宝价格参数怎么传过去呢?demo里面给的是post过去的。
我现在没辙了准备把价格弄到session里面传过去了
为什么要放在 hidden 中传来传去呢?
再说你收到后就不核对一下么
再说你收到后就不核对一下么
对了,核对一下,脑子秀逗了
然后除了get和post的话像这种比较重要的数据传值的话我是真的不太清楚怎么传值,所以才来问问有经验的人
<input size="30" type="hidden" name="WIDtotal_fee" value="{wa:$order.c_price}" /> SSL
客户端其实保证不了的,你只能在服务器端做校验,看传来的对不对。
还有你说的“弄session传过去”,你搞错了吧!
price 显然不能依赖传入的值(正像你说的那样可能被篡改)
既然是需要在接收后核实,那么就没必要放到表单中去了
price 显然不能依赖传入的值(正像你说的那样可能被篡改)
既然是需要在接收后核实,那么就没必要放到表单中去了
我明白这么做肯定是非常不对的,但是我现在不知道应该怎么把price的值安全给到下一个支付页面。
现在我的传值一般用的都是get,post,session,就用过这三种方法。
楼上说的ssl传值的话说实话一点也没接触过,还是说像支付price这类关键参数都是ssl传值过去的?
curl 或 sock
肯定不会是通过用户表单提交的
在下一个页面, 再算一次,价格!
在服务端根据用户购买的商品的ID再查一次数据库,进行价格计算
然后给出价格确认页面就可以了
post比get要安全,可以尝试使用AJAX
curl 或 sock
肯定不会是通过用户表单提交的
+1
不应由客户端直接传到第三方
应该提交到服务器端,再由服务器端程序做一次安全校验,再传给第三方
这样,除非采用极端手段,不然只能拦截/修改客户端->服务器端,不能拦截服务器->第三方
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1663
14
1420
52
1313
25
1266
29
1239
24
Explain different error types in PHP (Notice, Warning, Fatal Error, Parse Error).
Apr 08, 2025 am 12:03 AM
There are four main error types in PHP: 1.Notice: the slightest, will not interrupt the program, such as accessing undefined variables; 2. Warning: serious than Notice, will not terminate the program, such as containing no files; 3. FatalError: the most serious, will terminate the program, such as calling no function; 4. ParseError: syntax error, will prevent the program from being executed, such as forgetting to add the end tag.
PHP and Python: Comparing Two Popular Programming Languages
Apr 14, 2025 am 12:13 AM
PHP and Python each have their own advantages, and choose according to project requirements. 1.PHP is suitable for web development, especially for rapid development and maintenance of websites. 2. Python is suitable for data science, machine learning and artificial intelligence, with concise syntax and suitable for beginners.
Explain secure password hashing in PHP (e.g., password_hash, password_verify). Why not use MD5 or SHA1?
Apr 17, 2025 am 12:06 AM
In PHP, password_hash and password_verify functions should be used to implement secure password hashing, and MD5 or SHA1 should not be used. 1) password_hash generates a hash containing salt values to enhance security. 2) Password_verify verify password and ensure security by comparing hash values. 3) MD5 and SHA1 are vulnerable and lack salt values, and are not suitable for modern password security.
PHP in Action: Real-World Examples and Applications
Apr 14, 2025 am 12:19 AM
PHP is widely used in e-commerce, content management systems and API development. 1) E-commerce: used for shopping cart function and payment processing. 2) Content management system: used for dynamic content generation and user management. 3) API development: used for RESTful API development and API security. Through performance optimization and best practices, the efficiency and maintainability of PHP applications are improved.
What are HTTP request methods (GET, POST, PUT, DELETE, etc.) and when should each be used?
Apr 09, 2025 am 12:09 AM
HTTP request methods include GET, POST, PUT and DELETE, which are used to obtain, submit, update and delete resources respectively. 1. The GET method is used to obtain resources and is suitable for read operations. 2. The POST method is used to submit data and is often used to create new resources. 3. The PUT method is used to update resources and is suitable for complete updates. 4. The DELETE method is used to delete resources and is suitable for deletion operations.
PHP: A Key Language for Web Development
Apr 13, 2025 am 12:08 AM
PHP is a scripting language widely used on the server side, especially suitable for web development. 1.PHP can embed HTML, process HTTP requests and responses, and supports a variety of databases. 2.PHP is used to generate dynamic web content, process form data, access databases, etc., with strong community support and open source resources. 3. PHP is an interpreted language, and the execution process includes lexical analysis, grammatical analysis, compilation and execution. 4.PHP can be combined with MySQL for advanced applications such as user registration systems. 5. When debugging PHP, you can use functions such as error_reporting() and var_dump(). 6. Optimize PHP code to use caching mechanisms, optimize database queries and use built-in functions. 7
Explain the difference between self::, parent::, and static:: in PHP OOP.
Apr 09, 2025 am 12:04 AM
In PHPOOP, self:: refers to the current class, parent:: refers to the parent class, static:: is used for late static binding. 1.self:: is used for static method and constant calls, but does not support late static binding. 2.parent:: is used for subclasses to call parent class methods, and private methods cannot be accessed. 3.static:: supports late static binding, suitable for inheritance and polymorphism, but may affect the readability of the code.
How does PHP handle file uploads securely?
Apr 10, 2025 am 09:37 AM
PHP handles file uploads through the $\_FILES variable. The methods to ensure security include: 1. Check upload errors, 2. Verify file type and size, 3. Prevent file overwriting, 4. Move files to a permanent storage location.
