underthefake Posted January 15, 2011 Share Posted January 15, 2011 I have a button that uses $_POST to send information to another page. The data is in a hidden input so it's not possible for users to change information. I have nothing to check if the data is correct on the other page. Is it still possible for people to change the $_POST data though? Or somehow send false $_POST data to the other page? Link to comment https://forums.phpfreaks.com/topic/224538-is-it-safe-to-use-_post-for-this/ Share on other sites More sharing options...
Pikachu2000 Posted January 15, 2011 Share Posted January 15, 2011 Yes, it is always possible for form data to be manipulated by the user. That's why all incoming form data should be validated. Link to comment https://forums.phpfreaks.com/topic/224538-is-it-safe-to-use-_post-for-this/#findComment-1159850 Share on other sites More sharing options...
fortnox007 Posted January 15, 2011 Share Posted January 15, 2011 I have a button that uses $_POST to send information to another page. The data is in a hidden input so it's not possible for users to change information. I have nothing to check if the data is correct on the other page. Is it still possible for people to change the $_POST data though? Or somehow send false $_POST data to the other page? even hidden fields can be changed, hidden is just a visual effect. Link to comment https://forums.phpfreaks.com/topic/224538-is-it-safe-to-use-_post-for-this/#findComment-1159854 Share on other sites More sharing options...
phpfreak Posted January 15, 2011 Share Posted January 15, 2011 You could use $_SESSION to store the hidden data and then use it on the processing page. Link to comment https://forums.phpfreaks.com/topic/224538-is-it-safe-to-use-_post-for-this/#findComment-1159878 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.