Page 1 of 1

Setting a value that cannot be changed in a form

Posted: Fri Mar 12, 2010 10:36 am
by scorpio90
hi guys,

i have made a form where users can ask a question about a spacific item (the item has its own website) and i have managed to get the item number/productd id in the form but does anyone know how i would be able to make it so that the user cant change it
as this will be posted to a database so we can reply to the users question about the product/item .... i will post the form below ... any help will be much appriciated thankyou :D

<form name="questionform" method="post" action="question_sent.php">
<table width="450px">
</tr>
<tr><td valign="top"><label for="property_id">Property ID *</label> </td><td valign="top"><input type="text" value="8887464" name="property_id" maxlength="50" size="20"></td></tr>

the value in green is what i wish to be kept and not be able to be changed by the user :D

thankyou in advance

Re: Setting a value that cannot be changed in a form

Posted: Fri Mar 12, 2010 11:19 am
by lshaw
use the attribute:

Code: Select all

<input disabled=true />

Re: Setting a value that cannot be changed in a form

Posted: Fri Mar 12, 2010 11:48 am
by akuji36
Hello

Please take a look at the following link:

It will give you a better idea about form security

and passing variables:

http://www.phpvideotutorials.com/lesson09/

thanks

Rod

Re: Setting a value that cannot be changed in a form

Posted: Fri Mar 12, 2010 12:04 pm
by flying_circus
scorpio90 wrote:hi guys,

i have made a form where users can ask a question about a spacific item (the item has its own website) and i have managed to get the item number/productd id in the form but does anyone know how i would be able to make it so that the user cant change it
as this will be posted to a database so we can reply to the users question about the product/item .... i will post the form below ... any help will be much appriciated thankyou :D

<form name="questionform" method="post" action="question_sent.php">
<table width="450px">
</tr>
<tr><td valign="top"><label for="property_id">Property ID *</label> </td><td valign="top"><input type="text" value="8887464" name="property_id" maxlength="50" size="20"></td></tr>

the value in green is what i wish to be kept and not be able to be changed by the user :D

thankyou in advance
The short answer is that you cant, so don't even try.

Your server sent me (the client) a bunch of text, which we percieve to be a form. I can do whatever I want with that text prior to sending it back to you. Anything I send you cannot be trusted.

The proper way to store that id is through a session. Session data is stored on your server and I can't manipulate it (well, provided you aren't a bonehead and store your session data in a publicly accessible directory, which is the php default).