Jump to content

Form post to a session...how?


dwest

Recommended Posts

Now, I'm a little confused still.

In previous posts here (or perhaps another forum), I was told that passing hidden fields back and forth between forms was insecure and that I should use sessions instead.

But in order to get the values into a session I have to pass the hidden fields anyway.

So how do sessions alleviate the security vulnerabilities?
I see that and thanks  :)

What I'm doing is creating a means for a user to build an invoice form and when satisfied, submit it to the database.

To do that, I have a submit button to add items and a submit button to save the invoice.

The user goes back and forth to the available items list by clicking the add items submit button.  She selects items from that list to add them to the invoice.  The values are posted back to the invoice as hidden fields.

Each click of the add items button, passes the items already selected, in hidden fields, to the items list form.  Clicking done on that form passes the new selections plus the existing selections, back to the invoice form.  All in hidden fields.

This goes on until the user is done and then all the items in the invoice form are posted to the invoice database.

So, is there any advantage gained from using sessions in this case?  Seems to clutter things up more unless I'm missing something. (which is highly probable I might add  ;) )
I need to add that in the invoice form, all visible fields are seen as text boxes.  Thus they can be edited at any time.  So, the state of a piece of data gets posted "as is" not "as was".  This allows user to tweak the name or description or price of an item in the invoice and still add more items, etc.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.