sanfly Posted June 6, 2007 Share Posted June 6, 2007 Someone has said to me that when using a form (method = post), that storing data in "hidden" tags ie <input type="hidden" name="myField" value="something"> means that the user can set the value to whatever they like So my questions are: 1. How would they do this 2. How can I stop it 3. Do I have to abandon the hidden values and go with sessions? Thanks in advance Quote Link to comment Share on other sites More sharing options...
Caesar Posted June 6, 2007 Share Posted June 6, 2007 As long as you check all user input you're fine. Make sure you scrub all text/inputted data and run it through some checks. You can also check the referer. http://mydomain.com/form.php <?php echo' <form method="post" action="http://yourserver.com/process.php"> <table> <tr><td><input type="text" name="myField" value="'.$myXSScode.'"></td></tr> <tr><td><input type="submit" name="submit" value="Go!"></td></tr> </table> </form>'; ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.