Bill Masters
Reputation: 161
Is there any benefit to cryptically naming your form fields?
Is there any security benefit to using cryptic names for your form fields like so:
if (isset($_POST['submit_jw58dplem42pd45r'])){$submit = $_POST["submit_jw58dplem42pd45r"];} else {$submit ="";}
if (isset($_POST['txt_textbox_f48yjdp429plwdhp'])){$txt_textbox = $_POST["txt_textbox_f48yjdp429plwdhp"];} else {$txt_textbox ="";}
if ($submit=="submit"){
echo "$txt_textbox";
}
echo "<form method='post'>"
. "<input type='text' name='txt_textbox_f48yjdp429plwdhp' size='45' maxlength='45' value='Text Value Here'>"
. "<input type='hidden' name='submit_jw58dplem42pd45r' value='submit'>"
. "<input type='submit' value=' Submit '>"
. "</form>";
Upvotes: 2
Views: 39
Answers (1)
Nisk
Reputation: 540
No.
Security through obfuscation doesn't work, in this case there's absolutely no benefit whatsoever, you're just complicating things for no reason. The sites visitors still need to know what information to input, those indicators would be trivial to find using a bot (not that they are needed).
Upvotes: 2
Related Questions
- Is it redundant to use the "name" attribute for input fields in modern web development?
- What's the point of HTML forms `name` attribute?
- Is it good to use hidden fields to pass form field labels to php?
- With Rails 5, how to think about naming a form field to later be used be a Rails Controller#create method
- Any hidden reasons to use ids instead of name attributes to identify fields in forms?
- Is putting form fields inside label tags a good or bad idea?
- What's the point of naming forms?
- What are your thoughts on naming controls in asp .net web forms?
- When using a form designer, should labels be named?
- Do input field NAMES have to be unique across forms?