0

I have a form:

<input type="text" value="3X732" readonly/>

Well, the user can use a program to edit the input value and then, break the system.

How can I prevent this? I can use anything, except scripts.

Ow an the value is dynamic, so I can't do something like $code = "3X732";

John Balls
  • 11
  • 1
  • 9
  • 2
    if your system relies upon an input field I think it has a serious security issue, never trust the client – lelloman Jun 21 '13 at 12:04

2 Answers2

1

You should use $_SESSION to pass important data instead of html, never trust the user.

SkarXa
  • 1,184
  • 1
  • 12
  • 24
0

Encrypt the value and save the encrypted value in a hidden field in the form. When the form is submitted run the same algorithm on the value of the text field and compare it to the encrypted value. They should match otherwise it has been fiddled with...

Walter81
  • 493
  • 2
  • 8
  • 21