Laravel 表单：如何在不使用表单的情况下将隐藏信息传递给 controller

Question

I'm creating a website with a catalog, trading system, and custom currency (In Laravel).

I have the catalog and custom currency completely done (at-least to far), it's just the trading system. I'm so close to having the trading system done, except for this one thing that keeps holding me back, even though I think it should be pretty simple to do.

Each catalog item has a unique ID (in the database called uid), and the trading system Trades items based on the unique item id.

Here is the Trading Page for reference. I have it to where if you click the checkbox on an item you want or want to give away, it sends all the uid's you checked into one array ( Note: I have 2 seperate arrays, one for the offering items, and one for the requesting items ).

But the way I have it right now is that it gets each Item uid based off a form input. Since I don't want users being able to edit items unique ID, I need a way to do this in the backend. I've tried researching but I haven't gotten too far with that.

I'm kind of new to laravel and making websites as a whole, so I don't really know how to go forward with this. I'm thinking I will have to use JavaScript, but I don't know how to send information to the controller using javascript. I've also heard encoding then decoding the values but I have no idea how to do that either.

HTML Code (Offering Side):

@foreach (Auth::user()->inventory()->paginate(9999) as $itemb)
                        <form class="form-horizontal" method="POST" enctype="multipart/form-data" action="{{ route('trade.s', $user->id, [$itemb->uid]) }}">
                        {{ Form::token() }}
                        <?
                        $itembb = $itemb->item_id;
                        $item =  Item::whereid($itembb)->first();
                        $yoyo = $item->selling()->orderBy('price', 'asc')->first();
                        ?>
                        @if ($item->limited == '1')
                        @if ($item->rbp()->count() > 0)
                        <div class="col-md-4" style="margin-top: 8px;display: inline-block;padding-left: 10px;">
                        <a>
                            <div class="card-body h-100" style="padding-top: 0px;padding-bottom: 0px;padding-right: 0px;padding-left: 0px;">
                        <div class="card h-100" style="border-radius: 0px; width: 120px;">
                            <img style="object-fit:cover; width: 100%; height: 50px;" src="/public/uploads/catalog/{{$item->image}}">
                            <span class="badge badge-success limited">Limited</span>
                            <div class="card-body" style="padding-bottom: 10px;padding-right: 10px;padding-left: 10px;padding-top: 10px;">
                            <h6>{{$item->title}}</h6>
                            <img style="margin-bottom: 2px;" src="{{ asset('public/img/nau.png') }}"> {{number_format($item->rbpp)}}
                            </div>
                            <div class="card-footer" style="padding-bottom: 0px;padding-top: 10px;padding-right: 0px;padding-left: 10px;">
                                (Getting uid value for each item checked)<input type="checkbox" name="out_data[]" value="{{$itemb->uid}}"> <label>Trade?</label>
                            </div>
                     </div>
                    </div>
</a>
</div>
                        @else
                        
                        @endif
                        @else
                        
                        @endif
                        @endforeach
                    </div>

Any help is very appreciated, (Sorry if my post is messy. please tell me if I need to put more code samples.)

Answer 1

From what I understand your fear is that people will modify the UUID of the item and try to "sell" another item that do not have. If that is the case you should not work on the form itself, but on the security in the backend. That is:

1. receive an item UUID for sale (or an array of items)
2. .important! check that each of the items' UUIDs belong to that particular logged in user.
3. if the all of the items belong to the user a) if they ALL belong to the user -- store them in the db as "selling" for that user. b) if even one item does NOT belong to the user - return a validation error. They should not be able to store items for sale that they do not have.

From what I read it seems you're skipping step 2. where you check the UUIDs you receive from the form.

Changing the html form to be somehow "unchangeable" would be pretty much impossible so work with your limitations, not against them. :)

Answer 2

Can you just include a hidden form input for each of the items which holds the uid? eg

<input type="hidden" name="uid" id="uid" value="{{ $item->uid }}">