Prevent a line of source code from showing

Question

How to hide this html line, that will not appear for the user in inspect element or view source.

<input type="hidden" name="kda" value="<?php echo $code;?>">

how can I do this?

Answer 1

You may use encryption if you still want to use it as a query parameter in your form otherwise session is your best bet.

<input type="hidden" name="kda" value="<?php echo some_php_crypt_function($code);?>">

When you receive kda on the server,just decrypt it and get the value.

This link http://www.php.net/manual/en/mcrypt.examples.php has examples of how to use encryption/decryption in php.

Answer 2

It's impossible to hide HTML from view source. Any HTML gets sent to the client and can be viewed in view source. Try storing it in $_SESSION, a PHP superglobal. It gives the user a cookie that tells PHP where to look to find that user's information in $_SESSION.

$_SESSION is an array. That means you can store $_SESSION['pies_bought'] = 7 and $_SESSION['cakes_bought'] = 3.

http://www.php.net/manual/en/session.examples.basic.php

Answer 3

Set this flag as a PHP variable instead of actually including the hidden input field in the form.

Answer 4

If you "hide" it, it won't work. You could surround in PHP comment so it's stripped when the server renders the page, but I think you are asking to hide the value of this hidden form field, and that you can not do as you are suggesting. You could post the "viewable" form fields to another php script that then adds this "confidential" key, and then submits the form wherever it's going. You could, upon submission of form, call an ajax request to get the value and submit all at once.

Many ways to skin a cat.

Answer 5

You can't do that - everything you send to the browser can eventually be read and stored somehow.

What you can do instead, however, is using a session to store this information. Then, only a session identifier will be sent to the browser (and back to the server) while your sensitive information can stay on the server.