Henry J

Reputation: 344

How to hide a variable in a PHP form

As we know, passing $_POST['foo'] is the safest one in PHP.
Even if we want to pass a variable without the end user noticing, we can use <input type='hidden'>,
but too bad, even a user with basic knowledge can notice this by inspecting elements (Chrome) or viewing the source code, and change the value.

Is there any way to encrypt or hide this value, so I can pass this 'secret' parameter to the action page? JavaScript perhaps?

Upvotes: 1

Views: 223

Answers (2)

Justin Ethier

Reputation: 134157

You can submit the form using HTTPS to prevent anyone else from seeing the traffic.

To prevent your user from seeing it, you could encode the value using JavaScript. For example, using AES encryption or a simple base64 conversion. Of course, you will need corresponding code on the PHP side to decode the value. I am not sure this is the best overall approach though, since a savvy user could still read your JavaScript and figure out what is going on - as deceze wrote, any value that is submitted to the client is no longer secret.

Upvotes: 1

deceze

Reputation: 522075

If you want a value to be secret, don't let it leave the server to begin with. Store secret values on the server only and give the client some token that lets him refer to the value without actually giving the value itself away.

The classic and most used example of this is a session, in which the user receives only a meaningless session id and all data associated with that session id is stored server side.

Upvotes: 5
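
The server-side approach from deceze's answer, as an added example that is not part of the original answers: the value stays in the PHP session and the hidden field carries only a random one-time handle. The function names `stash_value` and `redeem_handle`, the `ref` field name and the sample value are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// The session cookie carries only the opaque session id; the data stays on the server.
session_start([
    'cookie_httponly' => true,
    'cookie_secure'   => true,   // assumes the site is served over HTTPS
    'cookie_samesite' => 'Lax',
]);

/** Store a value server-side and return a random handle that is safe to put in a form. */
function stash_value(string $value, int $ttl = 600): string
{
    $handle = bin2hex(random_bytes(16));   // 128 random bits, reveals nothing about the value
    $_SESSION['stash'][$handle] = ['value' => $value, 'expires' => time() + $ttl];
    return $handle;
}

/** Look a handle up in the caller's own session; one-time use, null if unknown or expired. */
function redeem_handle(string $handle): ?string
{
    $entry = $_SESSION['stash'][$handle] ?? null;
    unset($_SESSION['stash'][$handle]);    // a handle cannot be replayed
    if ($entry === null || $entry['expires'] < time()) {
        return null;
    }
    return $entry['value'];
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Action page: the browser sent only the handle; the real value never left the server.
    $handle = $_POST['ref'] ?? '';
    $value  = is_string($handle) ? redeem_handle($handle) : null;
    if ($value === null) {
        http_response_code(400);
        exit('Unknown or expired reference');
    }
    // ... use $value here; editing the hidden field can only produce an unknown handle ...
    exit('Order recorded');
}

// Form page: stash a constructed sample value and emit only its handle.
$handle = stash_value('price_id=4711');
?>
<form method="post">
    <input type="hidden" name="ref" value="<?= htmlspecialchars($handle, ENT_QUOTES) ?>">
    <button type="submit">Buy</button>
</form>
```

A user who inspects or edits the hidden field sees and changes only the handle, and a handle that is not in their own session is rejected.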
