“保护”输入的文本框值(HTML 表单)
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/4209090/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
"Protect" text box value from input (HTML form)
提问by Trufa
I was wondering whether it is possible to assign a value to an HTML text box and protect it.
我想知道是否可以为 HTML 文本框赋值并保护它。
What I mean is make it′s content unmodifiable, so that when the form gets submitted im "sure" it was this value which was submitted.
我的意思是让它的内容不可修改,这样当表单被提交时,我“确定”提交的是这个值。
BTW I realize the easier way would be not to "listen" fot this input and just assign it but it would come in handy to be able to do what′s stated above.
顺便说一句,我意识到更简单的方法不是“听”这个输入,而是分配它,但是如果能够执行上述操作,它会派上用场。
I hope the question is clear enough, please ask for any needed clarification.
我希望这个问题足够清楚,请提出任何需要的澄清。
Thanks in advance!
提前致谢!
EDIT: I was definitely not clear enough but I tried to express that i should hold the value after submitted (not modifiable in client side)
编辑:我绝对不够清楚,但我试图表示我应该在提交后保留该值(在客户端不可修改)
回答by Matthew Flaschen
No, it's not. You should never trust user input, which includes form submissions.
不,这不对。您永远不应该相信用户输入,包括表单提交。
The other answers tell you how to mark the field as read-only. This is useful if you want to display a particular value, while showing that it's not intendedto edited.
其他答案告诉您如何将该字段标记为只读。如果您想显示特定值,同时显示它不打算编辑,这很有用。
However, it can still be modified with Firebug, DOM Inspector, etc. Or, they can just submit a HTTP request without using the browser at all.
但是,它仍然可以使用 Firebug、DOM Inspector 等进行修改。或者,他们可以不使用浏览器而直接提交 HTTP 请求。
I would recommend storing the value in a session instead.
我建议将值存储在会话中。
回答by Evan Mulawski
Set the readonlyproperty of the input element:
设置readonly输入元素的属性:
<input type="text" readonly="readonly" />
This will prevent any modification (except if the user edits with a DOM Inspector). Always validate input on the server. If you do not want any changes made, don't allow the user to edit it.
这将防止任何修改(除非用户使用 DOM Inspector 进行编辑)。始终验证服务器上的输入。如果您不想进行任何更改,请不要让用户对其进行编辑。
回答by Johnny
Just do this
就这样做
<input type="text" value="VALUE" readonly />
Then itll be read only :)
然后它将是只读的:)
回答by khachik
<input type="text" readonly="readonly"/>. But: Never be sure, and validate data on the server side.It is very easy to request GET/POST with invalid data.
<input type="text" readonly="readonly"/>. 但是:永远不要确定,并在服务器端验证数据。使用无效数据请求 GET/POST 非常容易。
回答by wajiw
Form inputs have a 'disabled' and 'readonly' attributes you can set to make them un-editable.
表单输入具有“禁用”和“只读”属性,您可以将它们设置为不可编辑。
http://htmlhelp.com/reference/html40/forms/input.html
http://htmlhelp.com/reference/html40/forms/input.html
Though you can never be 100% sure what is getting sent from the client side. The entire DOM is editable by the client.
尽管您永远无法 100% 确定从客户端发送的内容。整个 DOM 可由客户端编辑。
