|
PHP - Hidden Data.
hi , when I use hidden input tag and save there information to send with the form , is that secure?
I mean , if the user or hacker or anything can change the value of the hidden tag? thanks , Mor. Similar TutorialsHi, Hope somebody can help me because I am relatively new to PHP and I am currently unsure how to implement the following: Let's assume I have a table like this id_number, name, data1, data2. When displayed on HTML page: Column id_number should be hidden. Column name is a link. When you click on this column then value stored in id_number should be used in a query to database. Result should be displayed below the link on the same page. When clicked again data should hide. I have some idea how to toggle visibility with a simple javascript function. How do i populate the table with hidden data and then extract it later on? Any help or suggestions are appreciated. Thanks. Code: [Select] <td > <form action="" method="post"> <b> <?php echo $likes_count; ?> </b> <b> | </b> <b> <?php echo $dislikes_count; ?> </b> <button class="LikeButton" type="submit" name="likes" value="+1">Likes</button> <button class="DislikeButton" type="submit" name="dislikes" value="-1">Dislikes</button> <input type="hidden" name="hidden_con_id" value="<?php echo $con_id; ?>" /> </form> <?php echo $con_id; ?> </td> I have a table with a voting system and the problem I am experiencing is that the hidden id, which I call the hidden contribution id is not set thus the numeric array changes. I know that it is not best practice to use a numeric array for this, though I learned that afterwards. This is the array: Code: [Select] // POST BUTTONS inside the table if (isset($_POST['likes'])) { $likes = $_POST['likes']; } if (isset($_POST['dislikes'])) { $dislikes = $_POST['dislikes']; } if (isset($_POST['likes']) || isset($_POST['dislikes'])) { $hidden_con_id = $_POST['hidden_con_id']; } // $array = array ($likes, $dislikes, $con_id, $user_id); if (isset($likes)) { $array[] = $likes; } if (isset($dislikes)) { $array[] = $dislikes; } if (isset($hidden_con_id)) { $array[] = $hidden_con_id; } if (isset($dnuser_id)) { $array[] = $dnuser_id; } As said the problem I have is that the hidden_con_id variable is not set and that consequently array[2] becomes the user_id variable. Any suggestions why it is not becoming set? how would i retrieve a hidden field from this form Code: [Select] $checkoutBtn .= '<form action="checkout.php" method="POST" id="checkform"> <input type="hidden" name="item_name_' . $x . '" value="' . $eventname . '"> <input type="hidden" name="amount_' . $x . '" value="' . $studentsprice . '"> <input type="hidden" name="quantity_' . $x . '" value="' . $each_item['quantity'] . '">;[ <input type="hidden" name="custom" value="' . $product_id_array . '"> <input type="submit" class="checkoutbtn" name="checkoutbtn" value="CHECKOUT" /> </form>'; /code] I have a while loop that fetches data from the database and prints it out organized in a table. Now I want to implement a voting functionality, the problem I'm encountering is, once I've printed out a list of tables one table after other with the while loop I need to figure out a way to tell the query TO WHICH of those tables to ADD or SUBTRACT the vote. I thought of implement a hidden id field into the while loop of contributions, the id field would be fetched from the auto_increment field in the contribution table in the MySQL database. Since the id field is unique there can be no misunderstandings to which table to add the vote. My question how can I do exactly that? How can I add a hidden id field to the while loop with the table WHICH I then can pass along to the voting script. Here's the while loop: while ($row = mysqli_fetch_array($data)) { echo "<table padding='0' margin='0' class='knuffixTable'>"; echo "<tr><td width='65px' height='64px' class='avatar_bg' rowspan='2' colpan='2'><img src='$avatar_path' alt='avatar' /></td><td class='knuffix_username'><strong>" . $user_name; echo "</strong><br />" . $row['category'] . " | " . date('M d, Y', strtotime($row['contributed_date'])) . "</td></tr><tr><td>"; echo "<form action='' method='post'> <input type='submit' name='plusVote' value='Y' /> <input type='submit' name='minusVote' value='N' /> </form></td><td class='votes'>Y[ - ] | N[ - ]</td></tr>"; echo "<tr><td class='knuffix_name' colspan='3'><strong>" . htmlentities($row['name']) . "</strong><br /></td></tr>"; echo "<tr><td colspan='2' class='knuffix_contribution'><pre>" . $row['contribution'] . "</pre><br /></td></tr>"; echo "</table>"; } If I simply add $row['con_id'] it's obviously going to be echo'd out, what is the right practice to have it hidden? This is just a snippet of my code. The php script itself is called test.php and so it calls itself once the form is submitted. I keep having problems retrieving the data back correctly; I am testing in retrieving the data on the same script from the same page before retrieving the POST data from another webpage. If $decimalSum is a variable that assigns a value that is hard-coded then I would be able to retrieve the same value. However, if the value is computed I can not retrieve it unless I click on the "Find" button twice. This is such a strange behavior and I don't know why. Does anyone have any suggested solutions to this? <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title></title> </head> <body> <?php echo '<form enctype="multipart/form-data" method="post" action="test.php">'; echo ' <label for="_firstName">First name : </label>'; echo ' <input type="text" id="_firstName" name ="_firstName">'; echo ' <input type="checkbox" value="1" name="_firstNameChecked"/>'; echo ' <label for="_middleName">Middle name : </label>'; echo ' <input type="text" id="_middleName" name ="_middleName">'; echo ' <input type="checkbox" value="1" name="_middleNameChecked" />'; echo ' <label for="_lastName">Last name : </label>'; echo ' <input type="text" id="_lastName" name ="_lastName">'; echo ' <input type="checkbox" value="1" name="_lastNameChecked" />'; echo '<br />'; echo '<input type="submit" name="Find" value="Find" />'; $firstNameChecked = intval(($_POST['_firstNameChecked'])); $middleNameChecked = intval(($_POST['_middleNameChecked'])); $lastNameChecked = intval(($_POST['_lastNameChecked'])); $decimalSum = (int)((2*2*2)*$firstNameChecked + (2*2)*$middleNameChecked + (2*1)*$lastNameChecked); //$decimalSum = 28; echo '<br />'; echo '$decimalSum = ' . $decimalSum . '<br />'; echo '<input type="hidden" name="_decimalSum" value = "' . $decimalSum . '" />'; $decimalSum2 = ($_POST['_decimalSum']); echo '$decimalSum2 = ' . $decimalSum2 . '<br />'; echo '</form>'; echo '</body>'; echo '</html>'; ?> I have created a form which allows people to add data to a database. However, I want to replicate the form across several pages and give each page a category. For example, if I have a website based on sport. I have a page which enters information into the baseball category, a page which enters information into the ice hockey category, a page which enters information into the soccer category etc. Can someone advise how I would do this? Is there anything wrong (or insecure) with using hidden form fields? I am working on a page where the user can choose one of 4 different subscription options. The approach I was going to use is to have a separate form for each plan, and when the user chooses one, submit a hidden form value so my script knows which subscription plan to grab out of the database. Thoughts? Hi I have an index.php with three drop down boxes on, each drop down uses an SQL statement to pull seatNumber from 'seats' each seat number has a UI and a forgein key field called SrideID. I have the buttons on the dorp down boxes going to dd-check.php, here the seat chosen is posted and a simple echo(just testing it works atm) for me to do any queries I also need the SrideID within the dropdown box, i tried adding it within the <option></option> but it only made the drop down duplicate. 1 1 2 2 3 3 ect..... what i would like is for the SrideID field to be included with in the dropdown box but hidden so i can post it to the dd-check.php and then show the time and price of that particular ride. here is the table and the code so far. Thanks for any help. CREATE TABLE `ride` ( `RrideID` tinyint(1) default NULL, `name` varchar(20) default NULL, `time` tinyint(1) default NULL, `price` varchar(4) default NULL ) INSERT INTO `ride` VALUES (1, 'Swinging Ship', 7, '2.50'); INSERT INTO `ride` VALUES (2, 'Roller Coaster', 5, '3.75'); INSERT INTO `ride` VALUES (3, 'Ice Blast', 4, '3.00'); CREATE TABLE `seats` ( `seatID` int(8) NOT NULL default '0', `SrideID` tinyint(1) default NULL, `seatNumber` int(2) default NULL, PRIMARY KEY (`seatID`) ) INSERT INTO `seats` VALUES (1, 1, 1); INSERT INTO `seats` VALUES (2, 1, 2); INSERT INTO `seats` VALUES (3, 1, 3); INSERT INTO `seats` VALUES (4, 1, 4); INSERT INTO `seats` VALUES (5, 1, 5); INSERT INTO `seats` VALUES (49, 2, 1); INSERT INTO `seats` VALUES (50, 2, 2); INSERT INTO `seats` VALUES (51, 2, 3); INSERT INTO `seats` VALUES (52, 2, 4); INSERT INTO `seats` VALUES (53, 2, 5); INSERT INTO `seats` VALUES (69, 3, 1); INSERT INTO `seats` VALUES (70, 3, 2); INSERT INTO `seats` VALUES (71, 3, 3); INSERT INTO `seats` VALUES (72, 3, 4); INSERT INTO `seats` VALUES (73, 3, 5); code for index.php <table width="200" border="1"> <tr> <h1>Swinging Ship</h1> <?php echo '<form method="post" name="f1" action="dd-check.php">'; $query_s = "SELECT * FROM `seats` WHERE SrideID='1' ORDER BY seatID"; $result = mysql_query($query_s); echo"<select name='seatNumber'><option value=''>Select Seat</option>"; while( $row = mysql_fetch_array($result) ) { echo '<option>'.$row['seatNumber'].'</option>'; } echo '</select>'; mysql_free_result( $result ); echo "<input type='submit' value='Submit'>"; echo "</form>"; ?> </tr> <tr> <h1>Roller Coaster</h1> <?php echo '<form method="post" name="f2" action="dd-check.php">'; $query_r = "SELECT * FROM `seats` WHERE SrideID='2' ORDER BY seatID"; $result = mysql_query($query_r); echo"<select name='seatNumber'><option value=''>Select Seat</option>"; while( $row = mysql_fetch_array($result) ) { echo '<option>'.$row['seatNumber'].'</option>'; } echo '</select>'; mysql_free_result( $result ); echo "<input type='submit' value='Submit'>"; echo "</form>"; ?> </tr> <tr> <h1>Ice Blast</h1> <?php echo '<form method="post" name="f3" action="dd-check.php">'; $query_i = "SELECT * FROM `seats` WHERE SrideID='3' ORDER BY seatID"; $result = mysql_query($query_i); echo"<select name='seatNumber'><option value=''>Select Seat</option>"; while( $row = mysql_fetch_array($result) ) { echo '<option>'.$row['seatNumber'].'</option>'; } echo '</select>'; mysql_free_result( $result ); echo "<input type='submit' value='Submit'>"; echo "</form>"; ?> </tr> </table> code for dd-check.php <?php $result=$_POST['seatNumber']; echo " <p> the seat choosen is : $result <p> "; //TEST PULL ALL QUERY $testPullAll = mysql_query("SELECT * FROM ride"); echo "<table border='1'> <tr> <th>Name</th> <th>Duration</th> <th>Price</th> </tr>"; while($row = mysql_fetch_array($testPullAll)) { echo "<tr>"; echo "<td>" . $row['name'] . "</td>"; echo "<td>" . $row['time'] . "</td>"; echo "<td>" . $row['price'] . "</td>"; echo "</tr>"; } echo "</table>"; ?> the end result will be a query in dd-check.php that says something like if [hidden SrideID = 1] echo 'the name, time and price of the ride' if [hidden SrideID =2 echo name, time and price if number 3 then echo the rest of the row. any help would be great, i've been using trial and error so far (since yesterday afternoon) with no success =( ps sorry for the long post, i wanted to try and explain everything the best i can. =) Hello, My question is how to send values over and over without using forms or even hidden forums. I have tried to use sessions but it didn't work out for me. Any suggestions! Hey all, i have a little problem. I have a form, and when submitting, i need to use the ID that i put in the $_GET array earlier. When you're entering my site, and clicks a certain link, the $_GET will store show=1, and when you're submitting the form on the page, the value of 'show' is needed on the redirect page.. I thought that it would be smart to transfer it with a hidden textfield, but somehow it fails? <form id="comment-form" action="comment_profile.php" method="POST"> <fieldset> <div class="field"> <textarea name="comment-field" rows="2" cols="66"></textarea> <input type="hidden" name="pofileid-field" value="<?php echo $_GET['show']; ?>" /> // <--- Here is the hidden field. <input type="submit" name="submit-field" class="submit" value=""/><i> (HTML tags kan bruges)</i> </div> </fieldset> </form> Above you can see a piece of my code, and i marked the hidden field aswell. What i do not understand is, why isn't the hidden fields value return the value of show when i check in comment_profile.php, as that is where it returns? Thanks in advance -Niixie Hello everyone, I have a question. I'm trying to figure out a way to make it so that when a user visits a page for a certain file, they are given the file to download but can't see the link to that file. Example: There is a file on http://serverB.com/file.rar A person goes to http://serverA.com/?file=file.rar They can download http://serverB.com/file.rar without seeing the link to that file. Is there any way to do this? Thanks. Hi Guys, Appreciate any help here please... Basically I want to hide some inputs on my registration page and populate them will default values. Everything works okay, apart from the input below: Code: [Select] <input type="hidden" name="seek_location" value="Anywhere"> When I use the above, the MYSQL database field for seek_location is left empty... I've noticed that the code below pulls the location into a dropdown list. You know the kind of thing, Australia, UK, USA etc etc: Code: [Select] $seek_location = $wcr[$seek_location]; Code: [Select] <? $p=0;asort($wcr);reset($wcr); while (list ($p, $val) = each ($wcr)) { echo '<option value="'.$p.'">'.$val; } ?> So, all I want to do is have: Code: [Select] <input type="hidden" name="seek_location" value="Anywhere"> Populate seek_location with Anywhere Any help appreciated Thanks Rob I have a menu that i want to be added to every page of my coding using a hidden variable, but i cannot get it to work. I using this with a few if conditions. the index page should navigate every page. can anyone help? I have attached the files to illustrate the coding i have done so far. [attachment deleted by admin] This topic has been moved to JavaScript Help. http://www.phpfreaks.com/forums/index.php?topic=317004.0 I know that it is possible to see what is sent by looking at livehttpheaders, but how do you know how hidden variables are generated? I don't think that that's possible to see that from live httpheaders. i have the following code: <li>Have you read the <?php echo link_to('FAQ','util/faq') ?> ? <select id="yesnolist" onChange="getChoice(this.value)"> <option value="yes" selected="selected">Yes</option> <option value="no">No</option> </select> </li> <input type="hidden" name="text" size=30 id="yesandno"> <?php if ($_GET['yesandno'] == "no") { echo "anything!!!!!!!!!!!!!!!!!!!"; } ?> then my java script for getCoice(): function getChoice(val) { yesNo = new Array("Yes", "No"); var getsel = document.contactus.yesnolist.value; var e = document.getElementById("yesnolist"); var strUser = e.options[e.selectedIndex].value; document.contactus.yesandno.value = strUser; alert(document.contactus.yesandno.value); return strUser; } my alert will gove yes or no depending on what i chose in the dropdown but HOWCOME it does not go into the if ($_GET['yesandno'] == "no") ???? please help??? so I have this code: Code: [Select] <input type='checkbox' name='title8' value='$title8' /></td><td><strong>$title8</strong> <br /> $date8 <br />$ $price8<input type='hidden' name='price8' value='$price8'> how do I make is so that the hidden field is only going to submit if the checkbox is checked........ Hi I am using Comet programming and the hidden iframe (the only real way to push data with php) I have this working perfectly on one server but another it just shows a constant blank screen. I have both servers in the php.ini with output buffering to On, no set size but also the script itself outputs over 250 characters to compensate for some browsers buffers. I just don't understand why it works on one server but not another! Just for note, it only does this when i use the sleep() function...but like I say this works on one of my servers. Here is the example program to test the functionality. On this site is works : www.gookymedia.com/comet but here, the exact same code does not : www.jointsocial.com/comet This is one of the most baffling things I have come across in php programming so far, and believe me I have written some complex applications over the years! I could do with someone to point out whats going wrong (if anyone has ever done this before) CODE FOR index.php Code: [Select] <?php ob_implicit_flush(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>CD Store</title> <script type="text/javascript"> function updateTest(count){ document.getElementById('test').innerHTML = "Number " + count; } </script> </head> <body> <div style="width: 200px; height: 50px; color: red;" id="test"></div> <iframe name="hidden" id="hidden" height="0" width="100%"></iframe> <script type="text/javascript"> document.getElementById ( 'hidden').src = 'test.php'; </script> </body> </html> CODE FOR test.php Code: [Select] <?php set_time_limit(0); ob_implicit_flush(); header("Cache-Control: no-cache, must-revalidate"); header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); flush(); $count = 1; do {} while ( updateCount() > 0 ); function updateCount() { global $count; echo ' '; echo ' '; echo '<script type="text/javascript">parent.updateTest ( "' . $count . '" );</script>'; flush(); sleep(1); $count++; return $count; } ?> Hi I've got a form that users enter an identification pin in for their first question as well as clicking a radio button(Q1.php) . They click submit and the answers are put through a couple of multiplication function and then placed in a table (alongside the pin) via Q2.php. On the Q2 page I want to place the 2nd question that the user needs to answer. Rather than making them retype the pin I was hoping to process it as a hidden field - being picked up from their Q1.php entry. This 'hidden pin echo ' process will continue throughout Q2- Q10 pages. However - I can't seem to include any php in the page after the Q1 form has been processed. Have I got my php tags messed up? <?php $con = mysql_connect("localhost","ca","d"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("candango", $con); $q1 =$_POST['q1']; $pin =$_POST['pin']; $ans1 = $q1 * 3; $ans2 = $q1 * 5; $ans3 = $q1 * 2; $enter_sql= "INSERT INTO aapcm2 (pin,ans1, ans2, ans3) VALUES ('$pin','$ans1','$ans2','$ans3')"; $enter_query =mysql_query($enter_sql) or die (mysql_error()); ?> <body> <p>Thank you - You have successfully entered your answers.</p><form action="q2.php" method="post"> <p>What do you think the answer to this one is? <input type="radio" name="q2" id="q2" value="-3"> <label for="q2"></label> <input name="Hidden" type="hidden" id="Hidden" value="$pin" /></p> <p> <input type="submit" name="button" id="button" value="Submit"> </p> </form> <p></p> </body> |
|||||||