
When the file upload (multiple) completes, the checkbox will auto check

I'm doing a form where, after the user uploads a file, the checkbox will auto-check, so that the user will know that their file has been uploaded.

In the form, there will be a few "file upload inputs" and one "multiple file upload input"; each will have a checkbox beside it that will be automatically checked after the file has been uploaded.

Here is my code for the file upload:

<div><input type="checkbox" id="application" value="application" name="application"/><label for="application"><span></span></label>
</div>
<div>
    <div>Application Form</div>
    <div>
        <input id="filename1" type="text"/> 
        <div class="fileUpload btn btn-primary">
            <span>Add</span>
            <input id="uploadBtn1" type="file" class="upload" name="browsefile" file-accept="pdf, doc, docx, jpg, jpeg, png"/>
        </div>
    </div>                                                         
</div>

<div><input type="checkbox" id="application2" value="application2" name="application2"/><label for="application2"><span></span></label>
</div>
<div>
    <div>Application Form2</div>
    <div>
        <input id="filename2" type="text"/> 
        <div class="fileUpload btn btn-primary">
            <span>Add</span>
            <input id="uploadBtn2" type="file" class="upload" name="browsefile" file-accept="pdf, doc, docx, jpg, jpeg, png"/>
        </div>
    </div>                                                         
</div>

Script

document.getElementById('uploadBtn1').onchange = uploadOnChange;

function uploadOnChange() {
    // Browsers report the chosen file as "C:\fakepath\<name>"; keep only the name part
    var filename = this.value;
    var lastIndex = filename.lastIndexOf("\\");
    if (lastIndex >= 0) {
        filename = filename.substring(lastIndex + 1);
    }
    // Show the selected name in the read-only text box next to the button
    document.getElementById('filename1').value = filename;
}

Here is the fiddle: http://fiddle.jshell.net/kpxyb74h/

Here is the code for multiple files:

<div><input type="checkbox" id="payment" value="payment" name="payment" /><label for="payment"><span></span></label>
</div>
<div>
    <div>Payment</div>
    <div>
        <div id="upload_prev"></div>
        <div class="fileUpload btn btn-primary">
            <span>Add</span>
            <input id="uploadBtn" type="file" class="upload" multiple name="browsefile" file-accept="pdf, doc, docx, jpg, jpeg, png"/>
        </div>
    </div>
</div>

Script

$(document).on('click', '.close', function () {
    // Remove the preview entry (the <span> wrapping the file name) whose X was clicked
    $(this).parents('span').remove();
});

document.getElementById('uploadBtn').onchange = uploadMultipleOnChange;

// Named differently from the single-file handler so both scripts can be loaded
// on the same page without the second definition overwriting the first
function uploadMultipleOnChange() {
    var files = $('#uploadBtn')[0].files;
    for (var i = 0; i < files.length; i++) {
        var entry = $('<span></span>');
        // .text() inserts the file name as text, not as markup
        $('<div class="filenameupload"></div>').text(files[i].name).appendTo(entry);
        $('<p class="close">X</p>').appendTo(entry);
        $('#upload_prev').append(entry);
    }
    // The multiple-file block has no text input; the chosen names are listed in
    // #upload_prev instead, so there is nothing else to fill in here.
}

Here is the fiddle for multiple files: http://fiddle.jshell.net/37zjr70k/

I have to separate the scripts because they are unable to function at the same time.
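The behaviour the question asks for, written as an added example in plain JavaScript (this is not the asker's code or either fiddle). It generalises the two posted scripts into one handler that serves any number of single- or multi-file inputs: each file input is assumed to carry a `data-checkbox` attribute naming the checkbox to tick and an optional `data-list` attribute naming the element that lists the chosen names (both attribute names are assumptions of this example). The decision logic is kept free of DOM calls so it can be tested on constructed input; it also unticks the box when the user cancels the dialog, and it inserts file names as text rather than markup.

```javascript
// Added example (not the asker's code): one change handler for every file
// input on the page, single or multiple. Assumed markup: each <input type="file">
// carries data-checkbox="<id of the checkbox to tick>" and, optionally,
// data-list="<id of the element that lists the chosen names>".

// Browsers report a chosen file as "C:\fakepath\<name>"; keep only the leaf
// name whichever path separator appears.
function baseName(path) {
  return String(path).split(/[\\\/]/).pop();
}

// DOM-free decision logic so it can be unit-tested: from a FileList (or any
// array-like of objects with a .name) derive what the UI should show.
// An empty selection (the user pressed Cancel) yields checked === false, so
// the checkbox is unticked again instead of staying stale.
function describeSelection(files) {
  const names = Array.from(files || [], (f) => baseName(f.name));
  return { checked: names.length > 0, names };
}

// Extension check used purely as a user-experience hint: the name is chosen
// by the user, so the server must validate type, size and content itself.
function hasAllowedExtension(name, allowed) {
  const dot = name.lastIndexOf('.');
  if (dot <= 0 || dot === name.length - 1) return false;
  const ext = name.slice(dot + 1).toLowerCase();
  return allowed.some((a) => a.toLowerCase() === ext);
}

const ALLOWED_EXTENSIONS = ['pdf', 'doc', 'docx', 'jpg', 'jpeg', 'png'];

function onFileInputChange(event) {
  const input = event.target;
  const { checked, names } = describeSelection(input.files);
  const box = document.getElementById(input.dataset.checkbox);
  if (box) box.checked = checked;

  const list = input.dataset.list ? document.getElementById(input.dataset.list) : null;
  if (!list) return;
  list.textContent = '';  // rebuild the preview instead of appending duplicates
  for (const name of names) {
    const item = document.createElement('span');
    const label = document.createElement('span');
    label.className = 'filenameupload';
    label.textContent = name;  // text, never innerHTML: file names are user input
    if (!hasAllowedExtension(name, ALLOWED_EXTENSIONS)) label.title = 'unexpected file type';
    const close = document.createElement('button');
    close.type = 'button';
    close.textContent = 'X';
    // A FileList cannot be edited, so removing one preview entry only resets the
    // input (and the checkbox) once every entry is gone; the user then reselects.
    close.addEventListener('click', () => {
      item.remove();
      if (!list.hasChildNodes()) {
        input.value = '';
        if (box) box.checked = false;
      }
    });
    item.append(label, close);
    list.appendChild(item);
  }
}

// Bind once the DOM exists; skipped outside a browser (e.g. under Node when
// the pure functions above are unit-tested).
if (typeof document !== 'undefined') {
  document.addEventListener('DOMContentLoaded', () => {
    document.querySelectorAll('input[type="file"][data-checkbox]')
      .forEach((el) => el.addEventListener('change', onFileInputChange));
  });
}
```

Two caveats worth keeping in mind with this pattern. The `change` event fires when a file is selected, not when it has reached the server, so the tick means "chosen", and confirming a completed upload needs a response from the server-side handler. The `file-accept` attribute in the posted markup is not a standard attribute (the standard one is `accept`), and either way it is only a browser-side filter on the picker; the allowed-extension check above is the same kind of hint, and the real validation of type, size and content belongs on the server.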


Source: https://stackoverflow.com/questions/32087950
Updated: 2023-09-18 10:09

Best answer

Per my experience, I realize that there are two general ways to prevent Azure Storage Table injection. One is to replace the string ' with another string such as ; , " or the URL-encoded string of '. This is your option. The other is to store the table key using an encoding format (such as Base64) instead of the plain content.

This is my test Java program, as follows:

import java.nio.charset.StandardCharsets;

import org.apache.commons.codec.binary.Base64;

import com.microsoft.azure.storage.CloudStorageAccount;
import com.microsoft.azure.storage.table.CloudTable;
import com.microsoft.azure.storage.table.CloudTableClient;
import com.microsoft.azure.storage.table.TableOperation;
import com.microsoft.azure.storage.table.TableQuery;
import com.microsoft.azure.storage.table.TableQuery.QueryComparisons;
import com.microsoft.azure.storage.table.TableServiceEntity;

public class TableInjectTest {

    private static final String storageConnectString = "DefaultEndpointsProtocol=http;" + "AccountName=<ACCOUNT_NAME>;"
            + "AccountKey=<ACCOUNT_KEY>";

    /*
     * Entity class the post relies on but does not show. This is the CustomerEntity
     * shape from the Azure Table storage Java sample (PartitionKey = last name,
     * RowKey = first name), added here so that the program compiles.
     */
    public static class CustomerEntity extends TableServiceEntity {
        private String email;
        private String phoneNumber;

        public CustomerEntity() {
        }

        public CustomerEntity(String lastName, String firstName) {
            this.partitionKey = lastName;
            this.rowKey = firstName;
        }

        public String getEmail() {
            return this.email;
        }

        public void setEmail(String email) {
            this.email = email;
        }

        public String getPhoneNumber() {
            return this.phoneNumber;
        }

        public void setPhoneNumber(String phoneNumber) {
            this.phoneNumber = phoneNumber;
        }
    }

    public static void reproduce(String query) {
        try {
            CloudStorageAccount storageAccount = CloudStorageAccount.parse(storageConnectString);
            CloudTableClient tableClient = storageAccount.createCloudTableClient();
            // Reference the "people" table (assumed to exist and hold the sample rows below).
            String tableName = "people";
            CloudTable cloudTable = new CloudTable(tableName, tableClient);
            final String PARTITION_KEY = "PartitionKey";
            // The user-supplied value is placed into the filter string as-is.
            String partitionFilter = TableQuery.generateFilterCondition(PARTITION_KEY, QueryComparisons.EQUAL, query);
            System.out.println(partitionFilter);
            TableQuery<CustomerEntity> rangeQuery = TableQuery.from(CustomerEntity.class).where(partitionFilter);
            for (CustomerEntity entity : cloudTable.execute(rangeQuery)) {
                System.out.println(entity.getPartitionKey() + " " + entity.getRowKey() + "\t" + entity.getEmail() + "\t"
                        + entity.getPhoneNumber());
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /*
     * The one way is replace ' with other symbol string.
     * Plain replace(): neither the target nor the replacement is a regex.
     */
    public static String preventByReplace(String query, String symbol) {
        return query.replace("'", symbol);
    }

    public static void addEntityByBase64PartitionKey() {
        try {
            CloudStorageAccount storageAccount = CloudStorageAccount.parse(storageConnectString);
            CloudTableClient tableClient = storageAccount.createCloudTableClient();
            // Reference the "people" table (assumed to exist).
            String tableName = "people";
            CloudTable cloudTable = new CloudTable(tableName, tableClient);
            // The key is stored in its Base64 form, so later lookups must encode the same way.
            String partitionKey = Base64.encodeBase64String("Smith".getBytes(StandardCharsets.UTF_8));
            CustomerEntity customer = new CustomerEntity(partitionKey, "Will");
            customer.setEmail("will-smith@contoso.com");
            customer.setPhoneNumber("400800600");
            TableOperation insertCustomer = TableOperation.insertOrReplace(customer);
            cloudTable.execute(insertCustomer);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    // The other way is store PartitionKey using encoding format such as Base64
    public static String preventByEncodeBase64(String query) {
        return Base64.encodeBase64String(query.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String queryNormal = "Smith";
        reproduce(queryNormal);
        /*
         * Output as follows:
         * PartitionKey eq 'Smith'
         * Smith Ben    Ben@contoso.com 425-555-0102
         * Smith Denise Denise@contoso.com  425-555-0103
         * Smith Jeff   Jeff@contoso.com    425-555-0105
         */
        String queryInjection = "Smith' or PartitionKey lt 'Z";
        reproduce(queryInjection);
        /*
         * Output as follows:
         * PartitionKey eq 'Smith' or PartitionKey lt 'Z'
         * Webber Peter Peter@contoso.com   425-555-0101             <= This is my information
         * Smith Ben    Ben@contoso.com 425-555-0102
         * Smith Denise Denise@contoso.com  425-555-0103
         * Smith Jeff   Jeff@contoso.com    425-555-0105
         */
        reproduce(preventByReplace(queryNormal, "\"")); // The result same as queryNormal
        reproduce(preventByReplace(queryInjection, "\"")); // None result, because the query string is """PartitionKey eq 'Smith" or PartitionKey lt "Z'"""
        reproduce(preventByReplace(queryNormal, "&")); // The result same as queryNormal
        reproduce(preventByReplace(queryInjection, "&")); // None result, because the query string is """PartitionKey eq 'Smith& or PartitionKey lt &Z'"""
        /*
         * The second prevent way
         */
        addEntityByBase64PartitionKey(); // Will Smith
        reproduce(preventByEncodeBase64(queryNormal));
        /*
         * Output as follows:
         * PartitionKey eq 'U21pdGg='
         * U21pdGg= Will    will-smith@contoso.com  400800600     <= The Base64 string can be decoded to "Smith"
         */
        reproduce(preventByEncodeBase64(queryInjection)); //None result
        /*
         * Output as follows:
         * PartitionKey eq 'U21pdGgnIG9yIFBhcnRpdGlvbktleSBsdCAnWg=='
         */
    }

}

I think that the best option is to choose a suitable way to prevent query injection on the basis of the application scenario.

Any concerns, please feel free to let me know.
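The two mitigations the answer describes, carried over into JavaScript as an added example (this is not the answerer's Java program and uses no Azure SDK). It assumes Node.js for `Buffer` and the Azure Table / OData filter grammar, in which a single quote inside a string literal is written as two single quotes (`''`); that escape is shown next to the answer's Base64 approach because, unlike replacing the quote with another character, it preserves the original value. The block also includes a small literal counter that makes the difference checkable: a filter built from one value must still contain exactly one string literal, and the answer's own injection string is used as the test input. The forbidden-character check reflects the characters the Azure Table service rejects in PartitionKey and RowKey values, which standard Base64 output can contain.

```javascript
// Added example (not the answerer's code): the same two mitigations in
// JavaScript plus a check that shows why a filter is or is not injectable.
// Assumes Node.js (Buffer) and the OData filter grammar used by Azure Table
// storage, where a quote inside a string literal is escaped as ''.

// 1. The vulnerable shape: the value is pasted straight into the filter.
function buildFilterUnsafe(property, value) {
  return `${property} eq '${value}'`;
}

// 2a. OData escaping: doubling the quote keeps the whole value inside one
//     literal, and the stored value itself is left unchanged.
function escapeODataString(value) {
  return String(value).replace(/'/g, "''");
}
function buildFilterEscaped(property, value) {
  return `${property} eq '${escapeODataString(value)}'`;
}

// 2b. The answer's second approach: store and query the key in an encoding
//     whose alphabet cannot contain a quote at all.
function encodeKeyBase64(value) {
  return Buffer.from(String(value), 'utf8').toString('base64');
}

// Characters the Azure Table service rejects in PartitionKey/RowKey values:
// '/', '\', '#', '?' and the C0/C1 control ranges. Standard Base64 can emit
// '/', so an encoded key must still be checked (or use base64url instead).
const FORBIDDEN_KEY_CHARS = /[\\\/#?\u0000-\u001f\u007f-\u009f]/;
function isSafeKey(key) {
  return !FORBIDDEN_KEY_CHARS.test(key);
}

// Count the string literals in a filter, honouring the '' escape. A filter
// built from exactly one user value must contain exactly one literal; more
// means the value broke out and has become part of the expression.
function countStringLiterals(filter) {
  let count = 0;
  let inLiteral = false;
  for (let i = 0; i < filter.length; i++) {
    if (filter[i] !== "'") continue;
    if (!inLiteral) { inLiteral = true; count++; continue; }
    if (filter[i + 1] === "'") { i++; continue; }  // escaped quote inside the literal
    inLiteral = false;
  }
  if (inLiteral) throw new Error('unterminated string literal in filter');
  return count;
}

// True when the built filter still holds the user value as a single literal.
function valueStaysInsideLiteral(filter) {
  return countStringLiterals(filter) === 1;
}
```

Run against the answer's injection string, `buildFilterUnsafe` yields a filter with two literals (the value has escaped into the expression), while both `buildFilterEscaped` and the Base64-encoded key yield exactly one. The `isSafeKey` check is the extra step the Base64 approach needs: three 0xFF bytes encode to `////`, which the table service would reject as a key, so keys should be produced with base64url (or hex) rather than standard Base64.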
