开发者

jQuery to PHP: no input... kinda

问答 作者:

I'm using jQuery to post HTTP requests to my PHP page (Apache/Linux, if that matters). I carefully validate on the client so that empty requests are not sent. However on occasions, I'd get an empty request like this:

- $_POST collection empty ($_GET collection also empty);

- Content-Length is nonzero (a number below 100, consistent with a valid POST from my script)

- Content-Type properly application/x-www-form-urlencoded

- reading from php://input yields an empty string

It's as if $_POST is somehow eaten on the way. I checked the code very carefully - I don't do anything to the contents of $_POST.

CLARIFICATION: I do catch this condition on the server; it's not like my code dies horribly. But I have a very strong feeling that it's not genuine lack of user input, but some kind of data corruption en route. Why else would there be a nonzero Content-Length?

If the client-side validation failed, I'd get a $_POST with empty fields. The way things are, I'm getting no fields at all. Utterly perplexed.

Any ideas,开发者_StackOverflow please?

UPDATE: the client-side request submittal code goes like this:

var r = trim((re = document.getElementById("tread")).value),
    m = trim((me = document.getElementById("tmean")).value);
if(r == "" && m == "")
    alert("Please provide.");
else
{
    $.post(URLPrefix + "tsearch.php", {R : r, M : m, Src:"bytext"}, DoneSearch, "html");
}

There's also another request to the same server-side script, which goes:

$.post(URLPrefix + "tsearch.php", {K0 : KCode(0),
    K1 : KCode(1), K2 : KCode(2), K3 : KCode(3),
    P : document.getElementById("pos").checked ? 1 : 0,
    Src:"bykanji"}, DoneSearch, "html");

I don't see how this code, where all fields are unconditional, can provide an empty POST collection.

If you're validating on the client side using jQuery/Javascript, clients with scripting turned off will not hit you validation code. If you want to test for that, have an additional hidden field and set it to a value using JS in your form.

e.g. In your form, have

<input  type="hidden" value="False, JS is off" name="my-hidden-field" />

and int your javascript

$('#my-hidden-field').val('True, JS is on');

You can use this to see if the empty posts are a result of your validation code failing to run on the client side of things.

I would honestly suggest doing both client-side and server-side validation. Checking for empty/null inputs in the $_POST[] array using PHP is trivial. Presumably your JavaScript should catch the empty inputs and not allow the request but just in case someone by-passes your JS you should always double check on the server. Something as simple as:

if(empty($_POST['val']))
 // throw error

Would work just fine, you can either halt all processing from that point or handle it any way you like. If data validation is important I really think it should be done on the server, JavaScript (or anything that is strictly client-side) is just too easy to tinker with.

继续阅读:httpjqueryphp

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9