Stop people editing the form elements

[dad00]

Hi,

 

Ive got a form which is a add to cart button but using google chrome or firebug(i think) firefox plugin they can edit the values on the form hence making them able to get items for free. I can use javascript to stop them but not everyone has javascript enabled is there a way i can do it with php?

[trq]

Your form submission should be validated server-side using php not client-side using whatever it is your using at the moment.

[dad00]

yeah theres a problem though ive also got a paypal buy now button which has the price and everything but i have no way of validating that before it gets to paypal

[grunshaw]

You could make the elements hidden instead, or you could use the "disabled" tag at the end of the element. Not sure how this would work for you though.

[dad00]

the elements are hidden but their still editable with google chrome

[GingerRobot]

the elements are hidden but their still editable with google chrome

 

Or indeed anyone by hand, the firebug extension for firefox and bots to name but a few.

 

You must be doing something wrong if the user has an opportunity to change the price.

[dad00]

its because im using a html form its the only way i can do it for what i need. And paypal uses a html form

[dad00]

or is there a way i can transfer $_post data without a form

[GingerRobot]

or is there a way i can transfer $_post data without a form

 

Yes. You can use cURL for starters. However, isn't there a paypal API for all this?

[mars_rahul]

Why don't you define desired value as session variable and before doing that encrypt variable. This is general practice and better check for URL encryption.

 

 

What Guru's View about it.

 

[dad00]

they turn into a session variable when its clicked so still giving them space to edit it. and also if i encrypt the value they can still view it and decrypt it and i need to use post because i need to send the data from my site to the paypal site