FraanXT Posted May 27, 2014 Share Posted May 27, 2014 Hello everybody, I have a form like that: <form method="post" action="x.php"> <input type="hidden" name="pubid" value="<?php echo $_SESSION["public_id"][$a]; ?>" /> <input type="submit" name="update" /> The public id is an id that every user have and that I use for get and post, imagine that this form is in a php "for" that print all this forms with public_id. Then I have a code like that: if(isset($_POST["update])){ if($_POST["pubid"]!==(There are some checks to avoid mysql injection)){ mysql_query=update from xxx set x=1 where pubid=$_POST["pubid"])(EXEMPLE) }} I want to avoid any change of form, because if someone change the value of the hidden input can modify information of mysql, someone know any method to do that? A friend told me to use js to compare form fields, but the user can modify js too I think, then I need to check it with php I think, correct me if Im wrong. Someone help me please. Quote Link to comment https://forums.phpfreaks.com/topic/288822-how-to-know-if-form-has-been-changed/ Share on other sites More sharing options...
requinix Posted May 27, 2014 Share Posted May 27, 2014 You got the public_id from somewhere, right? Database? When the form is posted back, make sure you can (re)find that public_id for the user. Like if you wanted to edit your post, there's a form that has the post ID. When you submit, the forum checks that the post is one of yours and only lets you edit if it is. Quote Link to comment https://forums.phpfreaks.com/topic/288822-how-to-know-if-form-has-been-changed/#findComment-1481103 Share on other sites More sharing options...
Jacques1 Posted May 28, 2014 Share Posted May 28, 2014 This makes absolutely no sense to me. What exactly is the whole point of your “public ID”? I mean, what's the goal you're trying to achieve with this? Quote Link to comment https://forums.phpfreaks.com/topic/288822-how-to-know-if-form-has-been-changed/#findComment-1481106 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.