Form submit with Mootools
I have a registration form. I need to send it via Ajax Post ( mootools ) to php file. What is the best and SECU开发者_开发百科RE way for post the form? Many thx
This can be a short topic or a long topic, depending on what do you mean by 'secure'? What are your concerns here?
Have a look at this basic example: http://jsfiddle.net/dimitar/tr74c/
Basically, the rule is don't trust the client. Ever. This example runs in a closure (hard to puncture) goes through the inputs and strips any script stuff that may cause an injection if you output the result later. It then submits to the server and outputs stuff back for fun.
You should not trust that the stripScripts() has worked and strip_tags in PHP also and whatever other security measures you apply to data by a user like mysql_real_escape_string etc.
This in your domready block.
(function() {
var form = document.id("register"), els = form.getElements("input.required"), result = document.id("result");
form.addEvent("submit", function(e) {
e.stop();
var errors = false;
// clean inputs from cross site scripting and some basic validation, put yours in.
els.each(function(el) {
var value = el.get("value").stripScripts();
if (value.length < 3) // example min 3 length
errors = true;
el.set("value", value);
});
if (!errors) {
// set jsfiddle html.
document.id("html").set("value", "Submited safe data was: User: " + document.id("login").get("value") + ", pass: " + document.id("pass").get("value"));
new Request({
url: this.get("action"),
data: this,
onComplete: function() {
result.set("html", this.response.text);
}
}).send();
}
else {
alert("fill in all required fields with at least 3 chars");
}
});
})();
Keep in mind the HTML var is for jsfiddle simulated ajax output and not really needed in production.
加载中,请稍侯......
精彩评论