验证php中的输入数据-javascript
[英]validation of input data in php - javascript
问题描述
I want to validate the data that the user enters in a form. 
我想验证用户在表单中输入的数据。 I have only a username and two fields for the password. 我只有一个用户名和两个密码字段。 My first question is that I check the data with javascript and it works fine, but i want to check the data with php too incase javascript is not working. 我的第一个问题是,我使用javascript检查数据,并且工作正常,但如果JavaScript无法正常工作,我也想使用php检查数据。 In case the javascript is not working the data will be checked from the php code, but my problem is that if javascript is working then the data will be checked from javascript and php too. 如果javascript无法正常工作,则将从php代码中检查数据,但是我的问题是,如果javascript正在正常工作,则也将从javascript和php中检查数据。 Is this fine? 这样好吗 Is there any way to avoid checking with php when the input data are checked by javascript? 通过javascript检查输入数据时,有什么方法可以避免使用php检查? Also I am checking the inputs(username and password) for the number of characters, for characters(i don't permit special characters, only "_", "." numbers and letters in order to avoid sql injection) - how does it sound to you? 我也在检查输入(用户名和密码)的字符数,字符(我不允许特殊字符,只有“ _”,“。”数字和字母,以避免sql注入)-怎么做听起来对吗? Do you have any other suggestion for better validation? 您还有其他建议可以更好地进行验证吗?
Thank you in advance. 先感谢您。
5 个解决方案
解决方案1
2 已采纳 2012-04-17 21:37:42
You should always do a serverside(php) validation of userinput. 您应该始终对userinput进行服务器端(php)验证。 a clientside(javascript) validation is only good for a better user-experience. 客户端(javascript)验证仅有助于更好的用户体验。 Also you should not restrict the input to some characters for mysql injection prevention, there are other reliable methods for this. 同样,您不应该将输入限制为某些字符以防止mysql注入,还有其他可靠的方法。
解决方案2
2 2012-04-17 21:38:12
Yes, you should validate both client-side (JS) and server-side (PHP). 是的,您应该同时验证客户端(JS)和服务器端(PHP)。
Do so on the client for convenience for your user and for a better user experience. 在客户端上执行此操作可为您的用户带来便利,并改善用户体验。
Do so on the server to prevent a malicious attack, or, as you stated, in case your user has JS disabled. 在服务器上执行此操作可防止恶意攻击,或者如您所述,以防用户禁用JS。
解决方案3
2 2012-04-17 21:38:27
You should always perform server side validation. 您应该始终执行服务器端验证。 There is no guarantee that client-side validation (such as javascript validation) cannot be defeated. 不能保证客户端验证(例如javascript验证)不会失败。 It's a simple exercise to grab a debugging tool (any many are built into browser nowadays) and circumvent javascript validation. 抓住调试工具(当今的浏览器中内置了许多调试工具)并规避javascript验证是一个简单的练习。
Typically there is nothing wrong and is even recommended to do validation in both places in Javascript and PHP. 通常,没有什么错,甚至建议在Javascript和PHP的两个地方都进行验证。
解决方案4
1 2012-04-17 21:38:00
Checking both ways is fine and definitely recommended. 两种方式都可以检查,绝对推荐。 If you wanted to avoid checking with PHP if Javascript is enabled, you could append a hidden field to the form and check for this with PHP. 如果要避免在启用了Javascript的情况下使用PHP进行检查,则可以将隐藏字段附加到表单中,然后使用PHP进行检查。
EG 例如
if(!isset($_POST['js_hidden_field'])) {
// Run Validation
}
So you check for the hidden field, if it's not set then run the PHP Validation 因此,您检查隐藏字段,如果未设置,请运行PHP验证
解决方案5
1 2012-04-17 21:39:48
This is actually good, you can never do too much validation in my opinion. 这实际上是很好的,我认为您永远不能做过多的验证。 Client side scripting can be manipulated by anyone with web development experience but server side scripting cannot. 具有Web开发经验的任何人都可以操纵客户端脚本,但是服务器端脚本则不能。
client side scripting validation pros: 客户端脚本验证专家:
- Alerts the user before submitting data allowing them to correct themselves 在提交数据之前提醒用户,允许他们进行自我纠正
- Makes your site look a little more sophisticated 使您的网站看起来更加精致
server side validation pros: 服务器端验证的优点:
- no one can change any validation rules you have 没有人可以更改您拥有的任何验证规则
- they cannot turn off server side validation. 他们无法关闭服务器端验证。
In short, doing both is good, it's actually better than just doing one or the other. 简而言之,两者都做是好的,实际上比只做另一种要好。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.