在目标为端点的 select 下拉列表中清理用户输入
Sanitize user input in select drop down where the destination is an endpoint
当 post 通过 Jquery AJAX 将输入发送到另一个脚本以最终发送时,我将如何从我的 select 下拉菜单中清理用户输入使用 curl 对端点的 post 请求?在这种情况下,urlencode 是否足够,因为我没有直接将其插入任何数据库,我发送此数据的端点显然会插入到数据库中,但它是第 3 方应用程序
view.php
function edit_data_title() {
var lead_id = $("#LeadID").val();
var title = $(".title option:selected").val();
var agent_full_name = $("#agent_full_name").val();
if (confirm('Are you sure you want to update the Title of this lead?')) {
$.ajax({
url: "endpoint.php",
method: "POST",
data: {
lead_id: lead_id,
title: title,
agent_full_name: agent_full_name
},
dataType: "text",
success: function(data) {
//alert(data);
$('#title_readonly').hide();
$('#title_cancel').hide();
$('#title_edit_input').hide();
$('#title_edit_button').show();
$("#update_lead_title_result").html(data);
$('#update_lead_title_result').show();
$('#title').prop('selectedIndex', 0);
}
});
} else {
alert('Lead title update cancelled');
$('#title').prop('selectedIndex', 0);
}
}
<select name="title" id="title" class="title" onchange="edit_data_title();">
<option value="">Select an option</option>
<option value="Dr.">Dr.</option>
<option value="Hon.">Hon.</option>
<option value="Mr.">Mr.</option>
<option value="Mrs.">Mrs.</option>
<option value="Ms.">Ms.</option>
<option value="Prof.">Prof.</option>
<option value="Rev.">Rev.</option>
<option value="Other">Other</option>
</select>
endpoint.php
$title = $_POST['title'];
$curl_url = "https://endpoint101.com?title=$title";
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL, $curl_url);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_VERBOSE, 0);
$curl_result = curl_exec($ch);
$curl_info = curl_getinfo($ch);
$curl_info = json_encode($curl_info);
curl_close($ch);
如果 $title 值与可用选项之一匹配,您应该检查服务器端。
这是我根据您问题中给出的输入推测的唯一条件。
https://www.php.net/manual/en/function.in-array.php
$allowed_options = ['','Dr.','Hon.','Mr.','Mrs.','Ms.','Prof.','Rev.','Other'];
//if $title value doesn't match any of the allowed options, exits the script
if (!in_array( $title, $allowed_options, true))
exit;
当 post 通过 Jquery AJAX 将输入发送到另一个脚本以最终发送时,我将如何从我的 select 下拉菜单中清理用户输入使用 curl 对端点的 post 请求?在这种情况下,urlencode 是否足够,因为我没有直接将其插入任何数据库,我发送此数据的端点显然会插入到数据库中,但它是第 3 方应用程序
view.php
function edit_data_title() {
var lead_id = $("#LeadID").val();
var title = $(".title option:selected").val();
var agent_full_name = $("#agent_full_name").val();
if (confirm('Are you sure you want to update the Title of this lead?')) {
$.ajax({
url: "endpoint.php",
method: "POST",
data: {
lead_id: lead_id,
title: title,
agent_full_name: agent_full_name
},
dataType: "text",
success: function(data) {
//alert(data);
$('#title_readonly').hide();
$('#title_cancel').hide();
$('#title_edit_input').hide();
$('#title_edit_button').show();
$("#update_lead_title_result").html(data);
$('#update_lead_title_result').show();
$('#title').prop('selectedIndex', 0);
}
});
} else {
alert('Lead title update cancelled');
$('#title').prop('selectedIndex', 0);
}
}
<select name="title" id="title" class="title" onchange="edit_data_title();">
<option value="">Select an option</option>
<option value="Dr.">Dr.</option>
<option value="Hon.">Hon.</option>
<option value="Mr.">Mr.</option>
<option value="Mrs.">Mrs.</option>
<option value="Ms.">Ms.</option>
<option value="Prof.">Prof.</option>
<option value="Rev.">Rev.</option>
<option value="Other">Other</option>
</select>
endpoint.php
$title = $_POST['title'];
$curl_url = "https://endpoint101.com?title=$title";
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL, $curl_url);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_VERBOSE, 0);
$curl_result = curl_exec($ch);
$curl_info = curl_getinfo($ch);
$curl_info = json_encode($curl_info);
curl_close($ch);
如果 $title 值与可用选项之一匹配,您应该检查服务器端。
这是我根据您问题中给出的输入推测的唯一条件。
https://www.php.net/manual/en/function.in-array.php
$allowed_options = ['','Dr.','Hon.','Mr.','Mrs.','Ms.','Prof.','Rev.','Other'];
//if $title value doesn't match any of the allowed options, exits the script
if (!in_array( $title, $allowed_options, true))
exit;