Menu
I have been using hidden values for forms.
Example:
<form method="post" action="page.php">
<input type="text" name="name""
<input type="hidden" name="book_id" value="$bookid">
<input type="button">
</form>
$bookid is the $_GET value for book.php?id=34324
So instead of doing page.php?id=$bookid I am using $bookid in hidden field.
My Question: Is it harmful if i use hidden values vs using $GET or $POST in the form action?
425
The <input type="hidden"> defines a hidden input field. A hidden field let web developers include data that cannot be seen or modified by users when a form is submitted. A hidden field often stores what database record that needs to be updated when the form is submitted.
In jQuery to set a hidden field value, we use . val() method. The jQuery . val() method is used to get or set the values of form elements such as input, select, textarea.
It is not possible to hide elements from the DOM inspector, that would defeat the purpose of having that tool. Disabling javascript is all it would take to bypass right click protection. What you should do is implement a proper autologin.
To answer your question: no it is not harmful to use hidden inputs in this way.
To fix the supplied code you need to give your hidden input a name and change the method to GET:
<?php
if(array_key_exists('id', $_GET)) {
$bookid = (int) $_GET['id'];
}
?>
<form method="get" action="page.php">
<input type="text" name="name">
<input type="hidden" name="id" value="<?php echo $bookid; ?>">
<input type="button">
</form>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
