FraanXT
Posted May 27, 2014

Hello everybody, I have a form like this:

    <form method="post" action="x.php">
    <input type="hidden" name="pubid" value="<?php echo $_SESSION["public_id"][$a]; ?>" />
    <input type="submit" name="update" />
    </form>

The public ID is an ID that every user has and that I use for GET and POST. Imagine that this form is in a PHP "for" loop that prints all these forms with public_id. Then I have code like this:

    if (isset($_POST["update"])) {
        if ($_POST["pubid"] !== (There are some checks to avoid mysql injection)) {
            mysql_query=update from xxx set x=1 where pubid=$_POST["pubid"]) (EXAMPLE)
        }
    }

I want to avoid any change to the form, because if someone changes the value of the hidden input, they can modify information in MySQL. Does anyone know a method to do that? A friend told me to use JS to compare form fields, but the user can modify JS too, I think, so I need to check it with PHP, I think. Correct me if I'm wrong. Someone help me, please.

requinix
Posted May 27, 2014

You got the public_id from somewhere, right? Database? When the form is posted back, make sure you can (re)find that public_id for the user.

Like if you wanted to edit your post, there's a form that has the post ID. When you submit, the forum checks that the post is one of yours and only lets you edit if it is.

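The server-side ownership check described in the reply above, as an added example that is not part of the original thread. The table `items`, its columns `owner_id` and `x`, and the function name `update_if_owned` are assumptions, and an in-memory SQLite database with constructed rows stands in for the poster's MySQL table.

```php
<?php
// Added example: hypothetical schema and names, not the poster's real code.

function update_if_owned(PDO $db, int $userId, $postedPubid): bool
{
    // Reject arrays and other non-string input (e.g. pubid[]=x) outright.
    if (!is_string($postedPubid) || $postedPubid === '') {
        return false;
    }
    // Ownership is part of the WHERE clause, so a tampered hidden field
    // matches zero rows. Bound parameters keep the value out of the SQL text.
    $stmt = $db->prepare(
        'UPDATE items SET x = 1 WHERE pubid = :pubid AND owner_id = :owner'
    );
    $stmt->execute([':pubid' => $postedPubid, ':owner' => $userId]);
    return $stmt->rowCount() === 1;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (pubid TEXT PRIMARY KEY, owner_id INTEGER, x INTEGER DEFAULT 0)');
$db->exec("INSERT INTO items (pubid, owner_id) VALUES ('a1', 1), ('a2', 1), ('b1', 2)");

// On a real page this comes from the session set at login, never from the form.
$loggedInUser = 1;

var_dump(update_if_owned($db, $loggedInUser, 'a2'));   // the user's own record
var_dump(update_if_owned($db, $loggedInUser, 'b1'));   // hidden field changed to user 2's record
var_dump(update_if_owned($db, $loggedInUser, ['a1'])); // hidden field changed to an array
```

With MySQL, `rowCount()` reports changed rows by default, so a row whose `x` is already 1 returns 0 even when the user owns it; run a separate ownership `SELECT` first if the two cases must be told apart.
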
Jacques1
Posted May 28, 2014

This makes absolutely no sense to me.

What exactly is the whole point of your “public ID”? I mean, what's the goal you're trying to achieve with this?