堆栈内存溢出
  简体   繁体   English

POST复选框名称,即使未选中

[英]POST checkbox name even if its not checked

 原文  2015-03-11 15:09:09       php

问题描述

Is it possible to POST checkbox name even if its not checked? 是否可以发布复选框名称,即使未选中它也可以? 

    <input type='checkbox' class='tinyField' name='alert_by_email' value="1" <?PHP echo $alert_by_emailChecked  ?> />


foreach ($_POST AS $field => $value)
    $sql[] = $field." = '". $value."'";

$sql = implode(' , ',$sql);

$query = "UPDATE user_setup SET ".$sql." WHERE (userID = ".$userID.") " ;               

$res = mysql_query($query);

So when I PRINT_R the POST i will get the field, but it will be empty 所以当我PRINT_R POST我会得到的字段,但它将为空 

 Array ( [alert_by_email] => '' )

3 个解决方案

解决方案1
 0  2015-03-11 15:20:48

在您的复选框之前添加它。 

<input type='hidden' name='alert_by_email' value="" />

解决方案2
 0  2015-03-11 15:23:48

The straight forward answer is no. 直接答案是不。 The HTML form wont send the checkbox if it's not checked. 如果未选中,则HTML表单不会发送该复选框。

However, there are some workarounds: 但是,有一些解决方法:

  1. use js to Generate a hidden input for each checkbox you have, set the value to 0 or '', and whenever you check them, remove the hidden input. 使用js为您拥有的每个复选框生成一个隐藏的输入,将值设置为0或”,并在每次选中它们时都删除该隐藏的输入。
  2. you could simply test if the key exist in the post like so: if (isset($_POST['alert_by_email'])) 您可以像下面这样简单地测试密钥是否存在于帖子中: if (isset($_POST['alert_by_email']))

解决方案3
 0  2015-03-11 15:26:16

In Short, No this is not possible if you are posting FORM without using any Javascript. 简而言之,如果您不使用任何Javascript发布FORM,则不可能。

Also, Your code may be injected easily as you are relying on user provided column names without validating those. 另外,由于您依赖用户提供的列名而不验证它们,因此可以轻松地注入代码。 I am posting alternative way to do that. 我正在发布替代方法。 Hope that helps: 希望有帮助:

Suppose you have this HTML Form: 假设您具有以下HTML表单: 

<form method="POST">
First name:<br />
<input type="text" name="firstname" />
<br />
Last name:<br />
<input type="text" name="lastname" /><br />
<input type="submit" />
</form>

Now, if you want to update values using PHP, your code should be: 现在,如果要使用PHP更新值,则代码应为: 

<?php
  $columnArray = array('firstname' => NULL, 'lastname' => NULL); // This is list of columns which can be updated using form input values (NULL is default value here)
  $submittedValues = array_intersect_key($_POST, $columnArray); 
// Above code will produce an array like `array('firstname' => 'anyname', 'lastname' => 'anylastname')

//--> Now you can generate your SQL using `$submittedValues`
$sql = array();
foreach ($submittedValues as $field => $value)
{
  $sql[] = $field." = '". $value."'";
}

$sqlString = implode(' , ',$sql);

Using this way, hacker will not be able to add extra columns which shouldn't be updated by user ie last_login_date or something. 使用这种方式,黑客将无法添加用户不应更新的额外列,例如last_login_date或其他内容。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 即使未选中,复选框也始终选中 - Checkbox is always checked even not checked 记住复选框值,如果其检查的数组名称采用php形式 - remember checkbox value if its checked array name in a form php 复选框未显示为已选中状态,即使显示为已选中 - Checkbox is not displaying as checked, even though it is 用PHP表单发布复选框? - Checkbox checked with PHP form post? 用JavaScript选中的复选框不发布 - Checkbox checked with javascript does not POST 除非选中,否则$ _POST中的复选框未定义 - checkbox is undefined in $_POST unless it is checked 如何仅将选中复选框的值及其值组合到一个数组中并在没有会话的情况下发布到数据库中 - How to combine only the value of checked checkbox and its value into one array and post into database without session 在Laravel中迭代抛出复选框列表(即使未选中) - Iterate throw checkbox list, even if not checked, in Laravel 复选框插入数据库值,即使未选中 - Checkbox inserting database value even if not checked 复选框始终返回true,即使未选中也是如此 - Checkbox is always returning true, even when not checked
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM