underthefake Posted January 15, 2011 Share Posted January 15, 2011 I have a button that uses $_POST to send information to another page. The data is in a hidden input so it's not possible for users to change information. I have nothing to check if the data is correct on the other page. Is it still possible for people to change the $_POST data though? Or somehow send false $_POST data to the other page? Quote Link to comment https://forums.phpfreaks.com/topic/224538-is-it-safe-to-use-_post-for-this/ Share on other sites More sharing options...
Pikachu2000 Posted January 15, 2011 Share Posted January 15, 2011 Yes, it is always possible for form data to be manipulated by the user. That's why all incoming form data should be validated. Quote Link to comment https://forums.phpfreaks.com/topic/224538-is-it-safe-to-use-_post-for-this/#findComment-1159850 Share on other sites More sharing options...
fortnox007 Posted January 15, 2011 Share Posted January 15, 2011 I have a button that uses $_POST to send information to another page. The data is in a hidden input so it's not possible for users to change information. I have nothing to check if the data is correct on the other page. Is it still possible for people to change the $_POST data though? Or somehow send false $_POST data to the other page? even hidden fields can be changed, hidden is just a visual effect. Quote Link to comment https://forums.phpfreaks.com/topic/224538-is-it-safe-to-use-_post-for-this/#findComment-1159854 Share on other sites More sharing options...
phpfreak Posted January 15, 2011 Share Posted January 15, 2011 You could use $_SESSION to store the hidden data and then use it on the processing page. Quote Link to comment https://forums.phpfreaks.com/topic/224538-is-it-safe-to-use-_post-for-this/#findComment-1159878 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.