sanfly
Posted June 6, 2007

Someone has said to me that when using a form (method = post), storing data in "hidden" tags, i.e.

    <input type="hidden" name="myField" value="something">

means that the user can set the value to whatever they like.

So my questions are:

1. How would they do this?
2. How can I stop it?
3. Do I have to abandon the hidden values and go with sessions?

Thanks in advance

Caesar
Posted June 6, 2007

As long as you check all user input you're fine. Make sure you scrub all text/inputted data and run it through some checks. You can also check the referer.

http://mydomain.com/form.php

    <?php
    echo '
    <form method="post" action="http://yourserver.com/process.php">
      <table>
        <tr><td><input type="text" name="myField" value="'.$myXSScode.'"></td></tr>
        <tr><td><input type="submit" name="submit" value="Go!"></td></tr>
      </table>
    </form>';
    ?>
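
One way to check a hidden field on the receiving side, as an added example that is not part of the original thread: the server attaches an HMAC tag when it renders the form and rejects the submission if the value no longer matches. `SECRET_KEY`, `signField()`, `verifyField()` and the `myField_sig` field name are hypothetical names chosen for this example.

```php
<?php
// Added example, not code from the thread. SECRET_KEY, signField() and
// verifyField() are assumed names. Load the real key from server-side
// configuration; it must never be sent to the browser.
const SECRET_KEY = 'replace-with-a-long-random-server-side-secret';

// Render the hidden input plus a companion tag. The tag covers the field name,
// the value and the session id, so it cannot be reused for another field or session.
function signField(string $name, string $value, string $sessionId): string
{
    $tag = hash_hmac('sha256', $name . "\0" . $value . "\0" . $sessionId, SECRET_KEY);
    return sprintf(
        '<input type="hidden" name="%1$s" value="%2$s">' .
        '<input type="hidden" name="%1$s_sig" value="%3$s">',
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($value, ENT_QUOTES, 'UTF-8'),
        $tag
    );
}

// Return the submitted value only if its tag verifies; otherwise null.
function verifyField(array $post, string $name, string $sessionId): ?string
{
    $value = $post[$name] ?? null;
    $sig   = $post[$name . '_sig'] ?? null;
    if (!is_string($value) || !is_string($sig)) {
        return null; // field missing, or sent as an array (myField[]=x)
    }
    $expected = hash_hmac('sha256', $name . "\0" . $value . "\0" . $sessionId, SECRET_KEY);
    // hash_equals() compares in constant time.
    return hash_equals($expected, $sig) ? $value : null;
}

// Constructed demo data: one untouched submission, one with the value edited.
$sid  = 'constructed-session-id';
$good = [
    'myField'     => 'something',
    'myField_sig' => hash_hmac('sha256', "myField\0something\0" . $sid, SECRET_KEY),
];
$bad = ['myField' => 'something-else', 'myField_sig' => $good['myField_sig']];

echo signField('myField', 'something', $sid), "\n";
var_dump(verifyField($good, 'myField', $sid)); // accepted
var_dump(verifyField($bad, 'myField', $sid));  // rejected
```

Keeping the value in `$_SESSION` instead of the form avoids the problem altogether, because the value never reaches the browser; signing is for cases where it has to travel in the form.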
This topic is now archived and is closed to further replies.