Jump to content

Recommended Posts

Hello everybody,

 

I have a form like that:

<form method="post" action="x.php">
<input type="hidden" name="pubid" value="<?php echo $_SESSION["public_id"][$a]; ?>" />
<input type="submit" name="update" />

The public id is an id that every user have and that I use for get and post, imagine that this form is in a php "for" that print all this forms with public_id.

 

Then I have a code like that:

if(isset($_POST["update])){
 if($_POST["pubid"]!==(There are some checks to avoid mysql injection)){
  mysql_query=update from xxx set x=1 where pubid=$_POST["pubid"])(EXEMPLE)
}}

I want to avoid any change of form, because if someone change the value of the hidden input can modify information of mysql, someone know any method to do that?

A friend told me to use js to compare form fields, but the user can modify js too I think, then I need to check it with php I think, correct me if Im wrong.

 

Someone help me please.

Link to comment
https://forums.phpfreaks.com/topic/288822-how-to-know-if-form-has-been-changed/
Share on other sites

You got the public_id from somewhere, right? Database? When the form is posted back, make sure you can (re)find that public_id for the user.

 

Like if you wanted to edit your post, there's a form that has the post ID. When you submit, the forum checks that the post is one of yours and only lets you edit if it is.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.