[英]POST checkbox name even if its not checked
Is it possible to POST checkbox name even if its not checked? 是否可以发布复选框名称,即使未选中它也可以?
<input type='checkbox' class='tinyField' name='alert_by_email' value="1" <?PHP echo $alert_by_emailChecked ?> />
foreach ($_POST AS $field => $value)
$sql[] = $field." = '". $value."'";
$sql = implode(' , ',$sql);
$query = "UPDATE user_setup SET ".$sql." WHERE (userID = ".$userID.") " ;
$res = mysql_query($query);
So when I PRINT_R the POST i will get the field, but it will be empty 所以当我PRINT_R POST我会得到的字段,但它将为空
Array ( [alert_by_email] => '' )
在您的复选框之前添加它。
<input type='hidden' name='alert_by_email' value="" />
The straight forward answer is no. 直接答案是不。 The HTML form wont send the checkbox if it's not checked.
如果未选中,则HTML表单不会发送该复选框。
However, there are some workarounds: 但是,有一些解决方法:
if (isset($_POST['alert_by_email']))
if (isset($_POST['alert_by_email']))
In Short, No this is not possible if you are posting FORM without using any Javascript. 简而言之,如果您不使用任何Javascript发布FORM,则不可能。
Also, Your code may be injected easily as you are relying on user provided column names without validating those. 另外,由于您依赖用户提供的列名而不验证它们,因此可以轻松地注入代码。 I am posting alternative way to do that.
我正在发布替代方法。 Hope that helps:
希望有帮助:
Suppose you have this HTML Form: 假设您具有以下HTML表单:
<form method="POST">
First name:<br />
<input type="text" name="firstname" />
<br />
Last name:<br />
<input type="text" name="lastname" /><br />
<input type="submit" />
</form>
Now, if you want to update values using PHP, your code should be: 现在,如果要使用PHP更新值,则代码应为:
<?php
$columnArray = array('firstname' => NULL, 'lastname' => NULL); // This is list of columns which can be updated using form input values (NULL is default value here)
$submittedValues = array_intersect_key($_POST, $columnArray);
// Above code will produce an array like `array('firstname' => 'anyname', 'lastname' => 'anylastname')
//--> Now you can generate your SQL using `$submittedValues`
$sql = array();
foreach ($submittedValues as $field => $value)
{
$sql[] = $field." = '". $value."'";
}
$sqlString = implode(' , ',$sql);
Using this way, hacker will not be able to add extra columns which shouldn't be updated by user ie last_login_date or something. 使用这种方式,黑客将无法添加用户不应更新的额外列,例如last_login_date或其他内容。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.