So you have a checkbox or a radio button with a predifined value to be sent to the database:
<input name="statement" type="radio" value="AWENSOME">
But someone or a script, with bad intention can easily change the value of your checkbox/radio button with for example a basic "browser page inspect" and then send other value to the databse. For example:
<input name="statement" type="radio" value="NOT SO AWENSOME! STUPID">
How can one prevent that guys? Thank you.
No, you can't, the best way is to gather all allowable input values in the database and check those values everytime on the server. It is easy in case of inputs like checkbox, select, radio, because you know exactly what the values can be. In case of text inputs, you have to use regex and sanitanization.
Maybe something like this in your model would help if your are using php:
if ($data['statement'] == 'AWENSOME' || $data['statement'] == 'FOOBAR' )
{
$statement = $data['statement'];
} else
{
// abort the app or return an error to the user
}
You cannot totally prevent the user from modifying the html scripts in the browser, but you can prevent unnecessary data to enter in your database..
In order to prevent that, you should have a validator in your php scripts in the server side.
There are many ways in preventing invalid data to enter in the db:
make a list of valid values in the database and once the user selects it, the server will check if the value in the checkbox or radio is existing
make the value fo radio/checkbox an encrypted or lets say there is some unique format like zkdie23doo44s that can be identified by your server..
periodically, check the html checkboxes and reload the values based from the original html script in the server
hope this helped you get an idea or two..
You can't do that you have to check once again on the server side and for the boxes like check box you know the value and for text box you can use regular expression
Related
Good night guys, I have a very simple angular question. I have a form, it has a specific field that I set the value for a patch value but at the same time I need to disable this field. However after the disable, the value is not sent to the back end to be inserted anymore. I've done the test and I saw that only with the patch value, the value is sent normally and inserted in backend normally, but when I disable it, it loses the value and is not sent to the back, I already tried onlyself but I didn't succeed , I would like your help if possible, thanks for your attention. Ah I know that html disable works, but I would like to know if there is any way for me to do this in typescript by disabling the field in the form.
iniciarSituacaoCadastro(){
if(this.visualizar){
this.formPesquisar.controls['address'].patchValue(Address.ATIVO);
this.formPesquisar.controls['address'].disable({onlySelf: true});
}
}
Use getRawValue() instead of value.
https://angular.io/api/forms/FormGroup#getRawValue
getRawValue() retrieves all values regardless of disabled status. The
value property is the best way to get the value of the group, because
it excludes disabled controls in the FormGroup.
I'm working on dynamically changing a the textfields based on radiobutton selection.
If I select single, then it should display different kinds of fields in the form and when I select multi it has different.
To achieve this,
I created two div's to fit the elements which gets changed on radiobutton selection.
I put the textfields in first div(id="single") and repeated the same fields in second field in another div(id="multi").
Based on radio button selection this works, but when I submit the form the values I have the below problem:
When I select single, the form displays all fields required, but the submitted values are sent twice, i.e. in console I see two entries sent,
I guess it is taking the fields of multi as well.
But when I select multi it works fine, still I see two entries in POST of console.
How can I avoid this. Is it the right way of handling such situations or is there anything other than this.
Fiddle
Console:
Ivrmapping[WelcomeNotes]
Ivrmapping[audioWelcomeUr...
Ivrmapping[audioWelcomeUr...
Ivrmapping[groupZCode] Ba
Ivrmapping[groupzName]
Ivrmapping[groupzName]
Ivrmapping[ivrnumber] 123467901
Ivrmapping[language]
Ivrmapping[language] 0
Ivrmapping[selectionList]
Ivrmapping[selectionList]
Do something like:
$("#multi_language > input").attr('disabled', true);
$("#single_language > input").attr('disabled', false);
Disabling inputs remove them from request.
The name attribute of your fields need to be different in a form control in order to differentiate the values in the request. This does not help you NOT send values across that aren't being used, but it lets you distinguish on the server side which values are for which radio button selection.
I have a form where a user can chose the applications he has access to? and when he the applications he wants access to, he is presented with more options. One of them is notification email address. if the user choses two applications, he gets two notification email address fields to fill. But both of them are stored in the same column in the database.
There are multiple fields like user authorisation level, user branch etc which are uniform accross all applications.
i am trying to replicate the value of one field in the other with jquery. i tried the below which obviously fails. Can anyone suggest how to acheive the replication?
$("#email").val().change(function() {
$("#email1").val($("#email").val());
});
Edit: I have drop down fields as well as text boxes.
.val() returns a string which cannot have a change event. You need to use
$("#email").change(function() {
$("#email1").val($(this).val());
});
You will want to bind the change event using on or live depending on your version of jquery, if you haven't wrapped this piece of code in a ready block.:
$("#email").on("change",function() {
$("#email1").val($(this).val());
});
This fiddle shows setting a <select> tags value using .val() http://jsfiddle.net/8UG9x/
It is an often asked question:
Copy another textbox value in real time Jquery
depending on when you need this action to execute, but if live
$(document).ready(function() {
$('#proname').live('keyup',function() {
var pronameval = $(this).val();
$('#provarname').val(pronameval.replace(/ /g, '-').toLowerCase());
});
});
http://jsfiddle.net/KBanC/
another one, basically same:
JQUERY copy contents of a textbox to a field while typing
I'm relatively new to programming, but understand the basics of HTML, CSS, and Javascript (including jQuery). Due to my greenness, I'd appreciate it if answers contained both a simple solution and a reason as to why the solution works. Thanks!
So I've got a form, with a text input and a submit button:
<form>
<input type="text">
<button type="submit">Submit</button>
</form>
When the user types data into the text field and clicks submit, how do I gain access to this data? If a user inputs their name, how do I grab that information? I don't intend to store it or write it anywhere, just to hold onto it as a variable in javascript, which I'll assign to a jQuery cookie.
So how do I access the data that the user has submitted, preferably using only Javascript (with jQuery)? Thanks for the help!
You access the data on the server side (in PHP via $_POST['username'] for example). The form sends data to your sever for any named input, so you would probably have to change the input to:
<input type=text name=username>
If you want to access it on the client side (with JavaScript), you can do that too, but you have to prevent the form from submitting:
$("form").on('submit', function (e) {
$.cookie('username', $(this).find('[name=username]').val());
//stop form from submitting
e.preventDefault();
});
say you had an html input tag such as:
<input id="textfield" type="text">
using javascript, you can store the value of that field in a variable like this:
var inputvalue = $('#textfield').val();
of course, you'll need something to run the script.
the reason this works is that the the textfield is an object. you might think of it as a tree trunk with different branches coming out. one of these "branches" is the value contained inside of it. since you know jquery, you know that $('#textfield') gets the element by a selector. the period says we're getting one of the branches, and "value" says we want the branch that tells what's in the textfield.
hope this helps.
So I tried to do something like this -
$('#price').val(price);
price is 300, and it shows good on browser, in input field, but when I want to take it out and mail it with PHP, in $_POST['price'] it doesn't show up, How can I insert something in inputs value with JavaScript, so I can mail it? It seems this is not an insertion in value, but just a feature to display something, correct?
Maybe this code can help you
document.getElementById('yorInputID').value = "Your Value";
There are a few possible reasons:
1) Your input field is not inside the form.
2) You are actually using a GET and not a POST.
Assuming that you can see the value updated in Firebug or Chrome's equivalent, it's gotta be one of those. Switch over to using $_REQUEST and see if that changes anything.
Your input for #price needs to also have a name "price"
<input id="price" value="price" />
From your question I'm assuming that this input is hidden -- and if that's the case I want to advise you not to rely on hidden fields + Javascript to provide you with security. It's so easily hackable I wouldn't even call it hacking.
Make sure the input is not "disabled" when the form submits.
if it's disabled the form don't send it.