问题描述
将HTML表单名称与表格字段名称命名相同是否被认为是不好的做法?我正在建立一些动态的sql插入查询,目前我正在使用一些正则表达式来改变名称到相关的数据库字段,因为我觉得它可能是不安全的,否则,你的意见是什么?
我写了一个函数来为我执行 INSERT
查询,这取决于这个事实。它将 $ _POST
变量名称和 INSERT
放入它们相应的列中。
正如在对OP的评论中所说的那样,并不重要,并且在大多数情况下,如果您使用 first_name,
firstname,
或 first。
另外,请记住,您的用户永远不会看到数据库列名称,并且只有在查看源代码时才会看到表单名称。因此,没有什么值得担心的!
祝你好运!
Is it considered bad practice to give HTML form names the same name as table field names? I am building some dynamic sql insert queries, and at present I am using some regexp's to change the names to the relevant database fields on the basis I feel it may be insecure otherwise, what are your opinions?
I wrote a function to do INSERT
queries for me, and it depends on that fact. It takes the $_POST
variable names and INSERT
s them into their corresponding columns.
As said in the comment on the OP, it doesn't matter, and in most cases, saves you time going back to remember if you used first_name,
firstname,
or first.
Also, keep in mind that your users will never see the database column names, and they will only see the form names if they view the source. Therefore, there's not much to worry about!
Good luck!
这篇关于表单字段的相同名称&数据库表字段?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!