Hi guys,
I need a little help right now
I've created a form with a specific value that's generated every time the page load.
But it seems, people can change that value by using some tools such as firebug, web developer, or tamper data.

I want that value to be stay hidden like encrypted or something or maybe generated while the form is submitted.
Anything would be just fine as long as people can't change that value.

here's the form

PHP Code:

<form name='form1' method='post' action='somefile.php'>
  <p>Name: 
    <input name='name' type='text' id='name'>
    <input name='aid' type='hidden' id='number' value='".$number."'>
  </p>
  <p>
    <input type='submit' name='Submit' value='Go'>
</p>
</form> 


can anyone help me?

use a session value.

Quote:

Originally Posted by chrishirst

use a session value.

hmm...I still don't understand how this can solve the problem...
are there any alternatives?
if not, can you explain a bit more about this? I'm still a newbie at this kind of thing, so every help would be much appreciated

Chris means use a php session.

IE:

Rather than putting values in text fields do this:

PHP Code:

<?php
session_start();

$_SESSION['value1'] = "somevalue";
$_SESSION['value2'] = "somevalue";



?>

Now whenever you need those values on ANY page,
Just use session_start();

and call the value.

echo $_SESSION['value1'];

I have more than 50 value in the database
does that means that I have to create more lines like this:

PHP Code:

$_SESSION['value1'] = "12345";
$_SESSION['value2'] = "678910";
$_SESSION['value3'] = "1112131415";
$_SESSION['value4'] = "1617181920"; 


Quote:

Originally Posted by progogi

I have more than 50 value in the database
does that means that I have to create more lines like this:

PHP Code:

$_SESSION['value1'] = "12345";
$_SESSION['value2'] = "678910";
$_SESSION['value3'] = "1112131415";
$_SESSION['value4'] = "1617181920"; 


Yeah pretty much.

You will only need to get the values from the DB once ( when the user loggs in to your page, Or whenever. )

Then on ANY page.

Put session_start(); at the VERY top before any output.

Now you can call the vars on any page without needing to pass them through forms or any clientside method.

Where do I put

PHP Code:

echo $_SESSION['value1']; 


to call the value?

and how do I know that it will fetch a random value from the database?

eh?
Yeh just echo it like that.

Also, if your just wanting a random number, Why not just use rand() in your somefile.php
?

Also, if your wanting just a unique ID. why not have mysql create it for you ? using ID and have it as a unique auto increment value.

Quote:

Originally Posted by lynxus

eh?
Yeh just echo it like that.

Also, if your just wanting a random number, Why not just use rand() in your somefile.php
?

Also, if your wanting just a unique ID. why not have mysql create it for you ? using ID and have it as a unique auto increment value.

The value is called from the MySQL Database, think of it as some kind of a usergroup number.
The only problem is that I don't know how to prevent people from changing that value, I know Chris told me to use PHP session
but I don't understand how that would solve the problem...or perhaps I am missing something?

Yeah, so use a php session.

You pull the value from a DB, put it into a session var ( like i showed you above )

Then whenever you need that value, Just call it from the session var.

It cant be changed as the session values are stored on the server.
The user cant do anything with them.

ok, but can you help me a little bit on how to use the code?
will it work if I put it like this?

PHP Code:

 <?php
session_start();

$_SESSION['value1'] = "somevalue";
$_SESSION['value2'] = "somevalue";

<!--- some php code here ---!>

<form name='form1' method='post' action='somefile.php'>
  <p>Name: 
    <input name='name' type='text' id='name'>
    <input name='aid' type='hidden' id='number' value='".$number."'>
  </p>
  <p>
    <input type='submit' name='Submit' value='Go'>
</p>
</form>

<!--- some php code here  ---!>

?>

page.php

Code:

           Name:

Sorry cant help, No idea why but i cant paste any code in here.

that's too bad, anyways I forgot to call the value in the earlier post

Can you tell me if this is correct?

PHP Code:

 <?php
session_start();

$_SESSION['value1'] = "somevalue";
$_SESSION['value2'] = "somevalue";

<!--- some php code here ---!>

<form name='form1' method='post' action='somefile.php'>
  <p>Name: 
    <input name='name' type='text' id='name'>
    <input name='aid' type='hidden' id='number' value='<?php echo  $_SESSION['value1']; '>
  </p>
  <p>
    <input type='submit' name='Submit' value='Go'>
</p>
</form>

<!--- some php code here  ---!>

?>

No whats the point?

Your still echoing your value into the FORM!!! people van play with it then.

Dont echo your value anywhere.

When the user loads somefile.php just use the value in your session var rather than a $_POST value!

You dont need.
<input name='aid' type='hidden' id='number' value='<?php echo $_SESSION['value1']; '>


All you need to do on any other page is just reference $_SESSION['value1']; whereever you need the value.

Well I only need that value on that specific page
so, I just need to remove that line ?

Surely you want to pass the value to the php page the form submits to?

Yes, but I just dont understand where do I put the echo $_SESSION['value1']; to call the value?

and do I just need to leave this line alone?

PHP Code:

    <input name='aid' type='hidden' id='number' value='".$number."'> 


You dont put the value anywhere.

IN the code on your OTHER page put the value there..