
Laravel Form: How to pass hidden information to controller without using form

I'm creating a website with a catalog, trading system, and custom currency (In Laravel).

I have the catalog and custom currency completely done (at least so far), it's just the trading system. I'm so close to having the trading system done, except for this one thing that keeps holding me back, even though I think it should be pretty simple to do.

Each catalog item has a unique ID (in the database called uid), and the trading system trades items based on the unique item ID.

Here is the Trading Page for reference. I have it to where if you click the checkbox on an item you want or want to give away, it sends all the uids you checked into one array (Note: I have 2 separate arrays, one for the offering items, and one for the requesting items).

But the way I have it right now is that it gets each item uid based off a form input. Since I don't want users being able to edit an item's unique ID, I need a way to do this in the backend. I've tried researching but I haven't gotten too far with that.

I'm kind of new to Laravel and making websites as a whole, so I don't really know how to go forward with this. I'm thinking I will have to use JavaScript, but I don't know how to send information to the controller using JavaScript. I've also heard of encoding then decoding the values but I have no idea how to do that either.

HTML Code (Offering Side):

@foreach (Auth::user()->inventory()->paginate(9999) as $itemb)
    <form class="form-horizontal" method="POST" enctype="multipart/form-data" action="{{ route('trade.s', $user->id, [$itemb->uid]) }}">
    {{ Form::token() }}
    <?php
    // Look up the catalog item behind this inventory entry
    $itembb = $itemb->item_id;
    $item = Item::whereid($itembb)->first();
    // Cheapest current listing for the item
    $yoyo = $item->selling()->orderBy('price', 'asc')->first();
    ?>
    @if ($item->limited == '1')
        @if ($item->rbp()->count() > 0)
            <div class="col-md-4" style="margin-top: 8px;display: inline-block;padding-left: 10px;">
                <a>
                    <div class="card-body h-100" style="padding-top: 0px;padding-bottom: 0px;padding-right: 0px;padding-left: 0px;">
                        <div class="card h-100" style="border-radius: 0px; width: 120px;">
                            <img style="object-fit:cover; width: 100%; height: 50px;" src="/public/uploads/catalog/{{$item->image}}">
                            <span class="badge badge-success limited">Limited</span>
                            <div class="card-body" style="padding-bottom: 10px;padding-right: 10px;padding-left: 10px;padding-top: 10px;">
                                <h6>{{$item->title}}</h6>
                                <img style="margin-bottom: 2px;" src="{{ asset('public/img/nau.png') }}"> {{number_format($item->rbpp)}}
                            </div>
                            <div class="card-footer" style="padding-bottom: 0px;padding-top: 10px;padding-right: 0px;padding-left: 10px;">
                                {{-- Getting uid value for each item checked --}}
                                <input type="checkbox" name="out_data[]" value="{{$itemb->uid}}"> <label>Trade?</label>
                            </div>
                        </div>
                    </div>
                </a>
            </div>
        @endif
    @endif
@endforeach
</div>

Any help is very appreciated. (Sorry if my post is messy; please tell me if I need to put more code samples.)

From what I understand, your fear is that people will modify the UUID of the item and try to "sell" another item that they do not have. If that is the case, you should not work on the form itself, but on the security in the backend. That is:

  1. Receive an item UUID for sale (or an array of items).
  2. Important! Check that each of the items' UUIDs belongs to that particular logged-in user.
  3. Check whether all of the items belong to the user:
     a) if they ALL belong to the user -- store them in the db as "selling" for that user.
     b) if even one item does NOT belong to the user -- return a validation error. They should not be able to store items for sale that they do not have.

From what I read, it seems you're skipping step 2, where you check the UUIDs you receive from the form.

Changing the HTML form to be somehow "unchangeable" would be pretty much impossible, so work with your limitations, not against them. :)
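
The ownership check from steps 1 to 3 of the answer above, sketched as a Laravel controller (an added example, not code from the post). `out_data`, `uid`, `inventory()` and the `trade.s` route come from the question; the `TradeController` class, the `in_data` field, the `{user}` route binding, the `App\Models\User` namespace and an integer `uid` column are assumptions.

```php
<?php

namespace App\Http\Controllers;

use App\Models\User;                       // assumed model namespace
use Illuminate\Http\Request;
use Illuminate\Validation\ValidationException;

class TradeController extends Controller   // hypothetical controller name
{
    // Assumed handler for the question's `trade.s` route, bound as
    // /trade/{user}; $user is the person being sent the trade offer.
    public function store(Request $request, User $user)
    {
        // Step 1: accept only flat arrays of distinct integer uids.
        $data = $request->validate([
            'out_data'   => ['required', 'array', 'min:1'],
            'out_data.*' => ['integer', 'distinct'],
            'in_data'    => ['required', 'array', 'min:1'], // assumed field name
            'in_data.*'  => ['integer', 'distinct'],
        ]);

        // Step 2: offered items must sit in the logged-in user's inventory,
        // requested items in the other user's inventory.
        $this->assertOwnedBy($request->user(), $data['out_data'], 'out_data');
        $this->assertOwnedBy($user, $data['in_data'], 'in_data');

        // Step 3a: every uid passed the check, so the trade can be stored here
        // (the trade tables are app-specific and not shown on the page).
        return back()->with('status', 'Trade offer sent.');
    }

    // Step 3b: a single uid outside $owner's inventory rejects the request.
    private function assertOwnedBy(User $owner, array $uids, string $field): void
    {
        // Count how many submitted uids exist in this owner's inventory.
        $owned = $owner->inventory()->whereIn('uid', $uids)->count();

        if ($owned !== count($uids)) {
            throw ValidationException::withMessages([
                $field => 'One or more selected items are not in that inventory.',
            ]);
        }
    }
}
```

Because the check reads ownership from the database for the authenticated session, editing the checkbox values in the browser only changes which uids get rejected. Run the same check again when the trade is accepted, since either inventory can change in between.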

Can you just include a hidden form input for each of the items which holds the uid? eg

<input type="hidden" name="uid" id="uid" value="{{ $item->uid }}">
