Reputation: 295
I'm creating a forum on Laravel that contains sections, threads and comments. Users can create threads on sections, and comments on threads. My problem is that when a user is creating a thread on a section, I'm sending the section ID via a hidden input value, and if the user edits that value he can post in another section.
What would be the best practice to do that? Or is there any way to get that ID from the controller or something like that? Thanks.
Upvotes: 0
Views: 33
Reputation: 16751
Hidden form input values cannot be used to really hide something from the user. They are only hiding the value visually.
If a user is only allowed to edit their own thread, then you should check this in two places:
The check is simple. The user should be logged in, so in the session for that user you have stored the user id. In your database row for a thread you have also stored who wrote that thread. This is likely to be the user id. So you can compare those two values: They should match.
Upvotes: 1
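The server-side checks discussed above, sketched as a Laravel controller. This is an added example, not code from either poster. The `Section` and `Thread` models, the `user_id`, `section_id`, `title` and `body` columns, the routes, and the `locked` column (a stand-in for whatever rule decides who may post in a section) are all assumptions.

```php
<?php
// Added example. Assumed names: Section/Thread Eloquent models, threads.user_id,
// threads.section_id, and a hypothetical sections.locked column standing in for
// the forum's real "may this user post here" rule.
namespace App\Http\Controllers;

use App\Models\Section;
use App\Models\Thread;
use Illuminate\Http\Request;

class ThreadController extends Controller
{
    // Assumed routes, both behind the auth middleware:
    //   Route::post('/sections/{section}/threads', [ThreadController::class, 'store'])->middleware('auth');
    //   Route::put('/threads/{thread}', [ThreadController::class, 'update'])->middleware('auth');
    public function store(Request $request, Section $section)
    {
        // Route model binding loads $section from the URL or answers 404.
        // The id is still user-controlled, so the permission rule runs on the server.
        abort_if($section->locked, 403);

        $data = $request->validate([
            'title' => ['required', 'string', 'max:255'],
            'body'  => ['required', 'string'],
        ]);

        $thread = new Thread();
        $thread->title      = $data['title'];
        $thread->body       = $data['body'];
        $thread->section_id = $section->id;          // taken from the bound model, not a form field
        $thread->user_id    = $request->user()->id;  // author comes from the session, never from input
        $thread->save();

        return redirect()->back();
    }

    public function update(Request $request, Thread $thread)
    {
        // The comparison from the answer: session user id must match the stored author id.
        abort_unless((int) $thread->user_id === (int) $request->user()->id, 403);

        $data = $request->validate(['body' => ['required', 'string']]);
        $thread->body = $data['body'];
        $thread->save();

        return redirect()->back();
    }
}
```

Moving the section id from a hidden field to the URL does not make it trusted; what closes the gap is that every request re-checks the id against the logged-in user on the server.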