redphoenix Posted October 18, 2008 Share Posted October 18, 2008 Hi everyone, I am designing a form to update data. The form represents multiple records (think of a data grid). When the user changes a value and clicks update, the form gets posted, and the field values are taken and an UPDATE statement is run. I have the id field as a hidden field - so that I can identify updates for a record. I was wondering, isn't this pretty insecure? the user can change the value of the hidden id form field and make changes to records that they are not supposed to. Is there an easy way to fix this? (actually any ideas are welcome ). Thanks! Link to comment https://forums.phpfreaks.com/topic/128975-php-update-form-question/ Share on other sites More sharing options...
DarkWater Posted October 18, 2008 Share Posted October 18, 2008 Use the hidden field, but then, when updating, run checks to make sure they have proper permissions. Link to comment https://forums.phpfreaks.com/topic/128975-php-update-form-question/#findComment-668655 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.