堆栈内存溢出
  简体   繁体   English

有没有办法将 **type** HTML 输入属性值传递给 HTML/PHP 表单中的 $_POST 数组?

[英]Is there a way to pass the **type** HTML input attribute value to the $_POST array in a HTML/PHP Form?

 原文  2021-04-03 13:51:03       php/ html/ forms/ validation/ input

问题描述

Can we somehow pass the type HTML input attribute value to the $_POST array or grab it anyhow else with PHP?我们能否以某种方式将 HTML type的输入属性值传递给 $_POST 数组,或者使用 PHP 以其他方式获取它?

I am aware that I can create a hidden field and basically put the type of the real input into the value of the hidden field, but this seems a bit like "repeating" work to me.我知道我可以创建一个隐藏字段并将实际输入的类型基本上放入隐藏字段的值中,但这对我来说似乎有点像“重复”工作。

I want to create a Form, where input values are submitted to the $_POST and I can detect the type of that input without the need to hardcode/map the single inputs to each a type.我想创建一个表单,其中输入值提交到 $_POST并且我可以检测该输入的类型,而无需将单个输入硬编码/映射到每个类型。

In this way I could detect the field type and act upon without the need to create a "map" that maps my custom inputs (by name or ID) to a certain type, which I already declare in HTML form anyway.通过这种方式,我可以检测字段类型并采取行动,而无需创建将我的自定义输入(按名称或 ID)映射到某种类型的“映射”,无论如何我已经以 HTML 形式声明了该类型。

It seems a real shortcoming that the type of an input is undetectable in a Form Submit - or perhaps (hopefully) I miss something?在表单提交中无法检测到输入的类型似乎是一个真正的缺点 - 或者(希望)我错过了什么?

2 个解决方案

解决方案1
 1 已采纳  

Can we somehow pass the type HTML input attribute value to the $_POST array or grab it anyhow else with PHP?我们能否以某种方式将 HTML 类型的输入属性值传递给 $_POST 数组,或者使用 PHP 以其他方式获取它?

Not per se.不是本身。

I am aware that I can create a hidden field and basically put the type of the real input into the value of the hidden field我知道我可以创建一个隐藏字段,基本上将真实输入的类型放入隐藏字段的值中

That is a way to do it.这是一种方法。

It seems a real shortcoming that the type of an input is undetectable in a Form Submit在表单提交中无法检测到输入的类型似乎是一个真正的缺点

Usually you know what type of data you expect for a given field because you aren't processing them generically, so it would rarely be a useful feature.通常你知道给定字段的数据类型是什么,因为你不是一般地处理它们,所以它很少是一个有用的特性。

perhaps (hopefully) I miss something?也许(希望)我错过了什么?

No.不。

解决方案2
 1  2021-04-03 14:14:34

Well here is the breakdown;好吧,这是细分;

GET accessed via $_GET in PHP tackling and POST accessed via $_POST in PHP are transport methods, so is PUT, and DELETE etc for a from it does not matter what method you use it only works on client side and only knows to map every thing in it into serialised query string or at least have it read for being serialised.从Z2FEC392304A5C23AC138DA222847F9B7CZ访问并通过$ _POST访问Z2FEC392304A5C23AC1138DA2222847F9B7CZ仅在Z29230111111中,仅在Z2923011111上使用Z,因此仅在Z2923847 c中使用Z,因此仅在Z292301111上使用Z,因此仅在Z29238DAC11上使用,并且仅适用于客户端,并在deledy中访问了您,并且仅在deleds上使用,并且从Z2FEC392304A5C23AC138DA222847F9B7CZ进行访问,并仅适用于cointer of tock youts,它只是在delets等。将其中的内容转换为序列化的查询字符串,或者至少将其读取以进行序列化。

For example例如

<input type="text" id="firstname" name="fname">

it takes the name attribute and converts into this它采用 name 属性并转换为此

?fname=ferret

See it didn't even bother with ID attribute.看到它甚至没有打扰 ID 属性。 When we hit submit button form will only run through name attributes of each input and make LHS of the with value and add user input as RHS to the value.当我们点击提交按钮时,表单将只运行每个输入的名称属性,并使 LHS 具有值并将用户输入作为 RHS 添加到值中。 It will not do anything else at all.它根本不会做任何其他事情。

On PHP side we ask $_GET tunnel are there any query strings in the request or $_POST tunnel.在 PHP 方面,我们询问 $_GET 隧道请求或 $_POST 隧道中是否有任何查询字符串。 Each of these if there is any query string - emphasis on word string.如果有任何查询字符串,这些中的每一个 - 强调单词字符串。 explodes the string into array and gives it you.将字符串分解为数组并提供给您。 hence $POST['fname'].因此 $POST['fname']。 Looks something like this看起来像这样

$_POST = [
fname => 'ferret',
someothingelse => 'someothervalue']

SO what you are trying to do is or at least asking to do is...make browser change its BOM behaviour - which we cannot in real sense of the matter;所以你想要做的是或者至少要求做的是……让浏览器改变它的 BOM 行为——我们不能真正意义上的这样做; to make form add some thing like this.使表单添加这样的东西。

?fname=ferret,text 

?fname=ferret-text

?fname=ferret/text

form by default will not do this, unless you run custom function updating each query before submit and that is pron to what we call escaping, 3/100 time you would miss it given the chance默认情况下,表单不会执行此操作,除非您运行自定义 function 在提交之前更新每个查询,这与我们所说的 escaping 一致,如果有机会,您会错过 3/100 次

Then on PHP side you want PHP to figure out on its own that after slash is type like so然后在 PHP 方面,您希望 PHP 自己弄清楚斜线之后的类型是这样的

$_POST = [
fname => 'ferret/text']

PHP would not do that on its own, unless you fork it make custom whatever like Facebook has done and then run it or at least make some kind of low level library but that too would be after the fact. PHP 不会自己做到这一点,除非你分叉它像 Facebook 所做的那样定制,然后运行它,或者至少制作某种低级库,但这也是事后的事。

in case your not wondering, thats how XSS and injections happen.如果您不知道,那就是 XSS 和注入的发生方式。

SO query string standards are rigid to keep things a string with militaristic data and serialised.所以查询字符串标准是严格的,以保持带有军国主义数据和序列化的字符串。

So yes what you intended to do with hidden field is one tested way of achieving what you are want.因此,是的,您打算对隐藏字段执行的操作是一种经过测试的实现您想要的方法。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何以隐藏在html表单中的输入类型传递php数组 - How to pass php array in input type hidden in html form HTML 表单 - 输入类型隐藏在 PHP 后输入不起作用 - HTML Form - Input Type hidden with PHP post input not working 在HTML中以php形式发布:当按钮类型=按钮时,如何传递值? - in html post to php form: when button type = button, how to pass value? 如何将php变量值传递给html表单的action属性 - how to pass php variable value to action attribute of html form PHP $ _POST函数无法识别HTML表单输入值 - PHP $_POST function not recognizing HTML form input value 如何像自动竞争一样将数据库值传递给php中的html输入类型 - how to pass database value to html input type in php like autocompet 如何通过POST类型的HTML表单发送PHP数组 - How to send PHP array by html form by POST type HTML / PHP-表单-输入为数组 - Html/PHP - Form - Input as array HTML表单输入到PHP数组 - HTML form input to PHP array HTML 5错误输入类型日期POST表单 - HTML 5 Bug Input Type Date POST Form
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM