Hidden From Values
- Started
- Last post
- 8 Responses
- shinpo
Does anyone know of a way to change hidden from values on the server from client side? Or is it pretty secure so that no one will be able to change the info. I know that if people click page source they can see the hidden values, but is there a way for them to change it?
- doesnotexist0
you can block right clicks ...
- shinpo0
That is a possibility, but that can be annoying for users especially if hey want to save pics or open links in new tabs.
- acescence0
hidden form values are not a means of security. any http get or post request can be modified
- heavyt0
I wouldnt put anything in there that you wouldnt want a user to see. If it is a password or something critical, don't even think about it.
- maximillion_0
its super easy so dont rely on them.
any information submitted by a user should always been sanitised by your code before you do anything with it
- shinpo0
Thank you guys for your responses. I agree that putting sensitive data for all the world to see would be a bad idea, but I guess what I am trying to ask is this.
Let's say that the form values were numbers indicating how many times someone had filled out the form say with a max of 5 times. Is there a way for someone to change the value from 5 back to zero so they can fill out the form again? If so, what is it and are there a work around for it?
- yes they can, you could use a session to store this datamaximillion_
- mikotondria30
Store the value for how many times they have completed the form entirely server-side, either in a database, or a flat file...Use php to get their IP, and just have a table with the ip and the number of attempts..
When someone goes to the page, lookup their IP, check the table for an entry, if allowable then show table, else tell them their go's are up..- they could just change their IP tho, so check it against a proper user profile..mikotondria3