
Form submit with Mootools

Developer https://www.devze.com 2023-02-17 04:38 Source: Internet

I have a registration form. I need to send it via Ajax POST (mootools) to a PHP file. What is the best and SECURE way to post the form? Many thx


This can be a short topic or a long topic, depending on what you mean by 'secure'. What are your concerns here?

Have a look at this basic example: http://jsfiddle.net/dimitar/tr74c/

Basically, the rule is: don't trust the client. Ever. This example runs in a closure (hard to puncture), goes through the inputs and strips any script stuff that may cause an injection if you output the result later. It then submits to the server and outputs stuff back for fun.

You should not trust that stripScripts() has worked; use strip_tags in PHP as well, and whatever other security measures you apply to data from a user, like mysql_real_escape_string etc.

Put this in your domready block.

(function() {
    var form = document.id("register"),
        els = form.getElements("input.required"),
        result = document.id("result");

    form.addEvent("submit", function(e) {
        e.stop(); // prevent the normal (non-Ajax) form submission

        var errors = false;
        // clean inputs from cross site scripting and some basic validation, put yours in.
        // note: stripScripts() only removes <script>...</script> blocks; the server must validate again.
        els.each(function(el) {
            var value = el.get("value").stripScripts();
            if (value.length < 3) // example min 3 length
                errors = true;

            el.set("value", value);
        });

        if (!errors) {
            // set jsfiddle html (demo output only, not needed in production).
            document.id("html").set("value", "Submitted safe data was: User: " + document.id("login").get("value") + ", pass: " + document.id("pass").get("value"));
            new Request({
                url: this.get("action"), // "this" is the form element here
                data: this,              // Request serialises the form's fields into the POST body
                onComplete: function() {
                    result.set("html", this.response.text); // "this" is the Request instance here
                }
            }).send();
        }
        else {
            alert("fill in all required fields with at least 3 chars");
        }
    });
})();

Keep in mind the HTML var is for jsfiddle simulated ajax output and not really needed in production.
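The server side of this exchange, as an added example that is not part of the original answer: the PHP endpoint the form posts to re-checks every field itself, since the client-side stripScripts() and length check count for nothing once a request is crafted by hand. It assumes a PDO handle in $pdo and a hypothetical users table with login and pass_hash columns, and uses a prepared statement in place of the mysql_real_escape_string the answer mentions.

```php
<?php
// register.php: server-side counterpart to the MooTools form above.
// Nothing the browser did is trusted; every rule is enforced again here.
// Assumed: a PDO connection in $pdo and a hypothetical `users` table
// with columns `login` and `pass_hash`.

declare(strict_types=1);

function validate_registration(array $post): array
{
    $errors = [];
    foreach (['login', 'pass'] as $field) {
        // Same rule the client applied (min 3 chars), enforced independently.
        $value = isset($post[$field]) && is_string($post[$field]) ? trim($post[$field]) : '';
        if (strlen($value) < 3) {
            $errors[] = "$field must be at least 3 characters";
        }
    }
    return $errors;
}

header('Content-Type: text/html; charset=utf-8');

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('POST only');
}

$errors = validate_registration($_POST);
if ($errors) {
    http_response_code(422);
    // Escape on output: this text lands in the page via result.set("html", ...).
    echo htmlspecialchars(implode('; ', $errors), ENT_QUOTES, 'UTF-8');
    exit;
}

$login = strip_tags(trim($_POST['login']));            // the strip_tags pass the answer mentions
$hash  = password_hash($_POST['pass'], PASSWORD_DEFAULT); // never store the raw password

// Prepared statement instead of mysql_real_escape_string: values are bound, not interpolated.
$stmt = $pdo->prepare('INSERT INTO users (login, pass_hash) VALUES (:login, :hash)');
$stmt->execute([':login' => $login, ':hash' => $hash]);

// Whatever goes back into result.set("html", ...) is escaped first.
echo 'Registered user: ' . htmlspecialchars($login, ENT_QUOTES, 'UTF-8');
```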

