Leaderboard

Popular Content

Showing content with the highest reputation on 05/07/2020 in all areas

  1. Because those are the name/value pairs for the form. Every form is going to have something different there. The one in my image is from an XHR request that this site uses to check for new replies to a thread. Yes. That example doesn't need break points, it's a simple form where you'd just modify the DOM with the inspector tool like you mentioned above. Find the <input> tag you want to change and modify its value attribute. The school's website used a JS library to scan a QR code using a webcam and then made an XHR request with the data to perform the login. That type of situation is where you need to use break points and it's done via the Debugger tab in the XHR Breakpoints panel. Click the + to add one and enter some URL text to stop on. You probably saw it in the Cookies panel. Like everything else, there's nothing to stop someone from modifying that value to whatever they want. Like the product ID though, it doesn't matter much if they do. Most likely whatever they change it to would be invalid and just result in them starting a new session. If they did happen to change it to another valid session ID then they'd inherit that session. This is why session IDs need to be long, random and should not be shared.
    1 point
  2. 1 point
  3. Click on the request and it will open all the details in a side panel. One of the tabs of that panel is Params that shows the data that was submitted. There's lots of other info in the other panels that may be useful too. That depends a bit on how things are set up and what you want to do. Firefox has an Edit and Resend button you can use to craft a new request. This just sends the request and shows the response in the dev tools, it won't cause the page to change or trigger any result processing in JavaScript. If the form is a standard HTML form, just inspect it in the DOM and modify the values then submit it. In the case of the school's site, the request was done via XHR so I set a break point on XHR requests (Debugger -> XHR Breakpoints) to find where the request originated from, then set another break point before the XHR request so I could modify the variables used to generate the request. Nowhere in particular. It's just something you learn to do after being a web developer for years.
    1 point
  4. Leave it in benanamen's format in your database. Change the query result to whatever format you need when you do the compare.
    1 point
  5. If you go to the network tab of the dev tools and look at the requests it will show you exactly what was submitted by the form. Nothing on the client side of things is safe from tampering. I used all these tools/techniques a couple weeks ago to "hack" my way into my niece's school platform as their JavaScript QR code reader wasn't working and that's the only way she had to log in. I submitted a few bad login attempts with the dev tools open to see how they were submitting the data. After that I scanned her QR code with my phone to get the data then used the dev tools to change the data prior to submission so it was correct and get her logged in.
    1 point
  6. The problem is that you are trying to print_r the result. The object created by that library is large and recursive so you can't just easily dump it.
    1 point
This leaderboard is set to New York/GMT-04:00