1

So you have a checkbox or a radio button with a predefined value to be sent to the database:

<input name="statement" type="radio" value="AWENSOME">

But someone, or a script, with bad intentions can easily change the value of your checkbox/radio button, for example with a basic "browser page inspect", and then send another value to the database. For example:

<input name="statement" type="radio" value="NOT SO AWENSOME! STUPID">

How can one prevent that guys? Thank you.

agaezcode

4 Answers

2

No, you can't. The best way is to gather all allowable input values in the database and check those values every time on the server. It is easy in the case of inputs like checkbox, select and radio, because you know exactly what the values can be. In the case of text inputs, you have to use regex and sanitization.

n-dru
  • I agree, the only way is to replace each of the strings you put in your attribute by a database entry, but it could slow down the overall performance of your web page. – Anwar Feb 26 '15 at 09:46
  • For better performance it can also be stored in an array defined in a static class or, for example, in the APC cache. – n-dru Feb 26 '15 at 09:52
  • Ok, thank you guys. I was trying to see if there was another solution to solve these problems. I think I'll go with the solution of comparing from the server side... Thank you. – agaezcode Feb 26 '15 at 09:53
1

You cannot totally prevent the user from modifying the HTML in the browser, but you can prevent unnecessary data from entering your database.

In order to prevent that, you should have a validator in your PHP scripts on the server side.

There are many ways of preventing invalid data from entering the db:

  1. make a list of valid values in the database and, once the user selects one, the server checks whether the value of the checkbox or radio exists in that list
  2. make the value of the radio/checkbox encrypted, or let's say give it some unique format like zkdie23doo44s that can be identified by your server
  3. periodically check the HTML checkboxes and reload the values based on the original HTML script on the server

Hope this helped you get an idea or two.

catzilla
1

You can't do that. You have to check once again on the server side; for boxes like a check box you know the value, and for a text box you can use a regular expression.

varad mayee
1

Maybe something like this in your model would help if you are using PHP:

// the only values the form is allowed to send for this field
$allowed = ['AWENSOME', 'FOOBAR'];

// isset() guards against a missing field; the third argument makes the
// comparison strict so PHP's loose == type juggling cannot match a
// crafted value
if (isset($data['statement']) && in_array($data['statement'], $allowed, true))
{
   $statement = $data['statement'];
} else
{
   // abort the app or return an error to the user
}
hailton