All geek questions in one place

How to transfer data from a form without a form field? (Php)

I have a form for editing a username and email. Therefore, when he updates the name and email address, he needs a username to determine which line he should update.

So, I wanted to know if there is any element that is submitted with the form, but not displaying the value or not being edited in the input tag.

So, I get the username from one script. The user editing the script gets the name and email address from the database with the specified username. Then it passes this new name and email address with the username to another script that updates it.

+6
source share
8 answers

I believe what you are looking for

<input type='hidden' name='username' value='theusername' />

hidden - can only be seen in the source of your HTML document
name - where it will be in the variable $ _REQUEST / $ _ POST / $ _ GET ($ _POST or $ _GET depending on how you submit your form) variable on submit
value is the name of the user you want this form to apply to


PROGRAM BOARD . Find out who is trying to update users so that you do not have unauthorized users updating your user information. It would be very easy to change the username on the form and try to update someone else.

+5
source

You can use hidden input type

 <input type="hidden" name = "username" value="<?php echo $username ?>">
+4
source

use:

  <input type="hidden" />

HIDDEN is the value of the TYPE attribute for the INPUT element for FORM s. It indicates a form field that is not explicitly displayed in the document and that the user is not interacting with it. It can be used to transmit information about the status of a client or server. Hidden fields often retain the default value (e.g. via php) or change their value to JavaScript.

more details here

+4
source

Use hidden input tag:

 <input type='hidden' name='username' value='theusername' />
+3
source

You can use the hidden form field:

 <input type="hidden" name="originalUsername" value="something" />

This will not be displayed on the form in the browser and will probably be ignored and invisible to the user.

However , keep in mind that this is being edited. Do not rely on this as a security measure. When the form is submitted, make sure that the user submitting the form (using any authentication and authorization mechanisms that you have) has the right to make this change before continuing with it in the database. Any form field can be edited.

+3
source

Like everyone else, you need hidden input. It will be editable, although never trust it, because you never trust other data coming from outside.

But I would like to add that it would be better not to use the username to identify the row, instead add the identifier column as the primary key to your database (possibly automatically increase it) and use it in your form.

Sort of

 <input type="hidden" name="userid" value="<?=$userid?>" />
+3
source

Arun, you can use GET to transfer variables from one page to another. Just create a URL like edituser.php?username=arun and so on. This is the only possible way to transfer variables or data, of course, in addition to cookies, to other pages without using form tags.
The second method is to use JavaScript to create a hidden form field and update it with the username.
Third, just add hidden input tags. But for this and for the latter, you will need form tags.

A word of caution, filter user inputs should be JS, GET, or hidden fields.

+3
source

Use this if you want to use it safely:

 <input type='hidden' name='username' value='<?php echo encode("Please Encode Me!","This is a key"); ?>' />

which will result in:

 <input type='hidden' name='username' value='p3e4e4241674d2r4m4i5o464a4f2p3k5c2' />

and in the script modification you will need to use:

 <?php $username = decode("p3e4e4241674d2r4m4i5o464a4f2p3k5c2","This is a key"); ?>

Below you have the PHP functions for ENCODE / DECODE:

 <?php function encode($string,$key) { $key = sha1($key); $strLen = strlen($string); $keyLen = strlen($key); for ($i = 0; $i < $strLen; $i++) { $ordStr = ord(substr($string,$i,1)); if ($j == $keyLen) { $j = 0; } $ordKey = ord(substr($key,$j,1)); $j++; $hash .= strrev(base_convert(dechex($ordStr + $ordKey),16,36)); } return $hash; } function decode($string,$key) { $key = sha1($key); $strLen = strlen($string); $keyLen = strlen($key); for ($i = 0; $i < $strLen; $i+=2) { $ordStr = hexdec(base_convert(strrev(substr($string,$i,2)),36,16)); if ($j == $keyLen) { $j = 0; } $ordKey = ord(substr($key,$j,1)); $j++; $hash .= chr($ordStr - $ordKey); } return $hash; } ?>
+1
source

Source: https://habr.com/ru/post/886533/

More articles:


All Articles