Reputation: 1970
Submit a form variable in a secure way
I have a page with some forms. Each form does an action on a specific product (i.e. delete product). When a form is submitted, I need to know what product must be deleted, so I've included an hidden input inside forms containing the product ID.
<form method="post" action="delete.php">
<input type="hidden" name="id" value="1" />
Product one <input type="submit" name="delete" value="Delete" />
</form>
<form method="post" action="delete.php">
<input type="hidden" name="id" value="2" />
Product two <input type="submit" name="delete" value="Delete" />
</form>
Unfortunately, id value can be changed via browser inspector.
Is there a secure way to submit a variable inside a form? I've found this post, but in my case I have multiple ids so I can't know the submitted value before submission.
Upvotes: 0
Views: 826
Answers (1)
Reputation: 864
I think it is not possible, all you need to do is to verify in the back end after the submitting process if the submitted $_POST['id'] is valid/available for deletion, if valid, proceed with the deleting process , if not, go back and post a warning/notification saying "Invalid","Can't delete item", or "Why the h**l are you messing up with my code?"
Upvotes: 1
Related Questions
- html form send sensitive data javascript https
- Secure ajax form POST
- Form Post HTTPS
- Secure ways in sending confidential data to the server using HTTP Post
- Secure Hidden form Data $_POST
- Secure html form variable
- Securely submit form using JavaScript / PHP
- Posting form values securely from one page to another on client-side using pure Javascript and NO server-side technology
- Secure form submission
- Question about POST method security