Another question about security!
Usually I print a hidden field in my form, like:
Code:
<input type='hidden' name='user_id' id='user_id' value='4' />
Code:
if (isset($_POST['save_user'])) {
    $name = clean($_POST['name']);
    // cast the hidden field value to an integer
    $id = (int)$_POST['user_id'];
    $sql = "UPDATE user SET name = '$name' WHERE id = '$id'";
}
Code:
function clean($testo) {
    $testo = trim($testo);
    $testo = htmlentities($testo, ENT_QUOTES, "UTF-8");
    return $testo;
}
And then, what can I do to make the form and the id more secure? I come from another page and send the id with GET, like:
Code:
<a href='edit_user.php?id=4'>edit</a>
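
One way to handle this, as an added example that is not part of the original post: the id from edit_user.php?id=4 is authorized and kept in the session, the form carries only a random token, and the UPDATE uses bound parameters. The function names, the can_edit() rule, the token field and the SQLite demo table are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical rule: users edit only their own row, admins may edit any row.
function can_edit(array $user, int $targetId): bool {
    return $user['is_admin'] || $user['id'] === $targetId;
}

// GET edit_user.php?id=N: validate and authorize, then keep the id server-side.
// $session stands in for $_SESSION so the example also runs from the CLI.
function begin_edit(array &$session, array $user, string $rawId): ?string {
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false || !can_edit($user, $id)) {
        return null;
    }
    $token = bin2hex(random_bytes(32));
    $session['edit'][$token] = $id;
    return $token; // goes in the hidden field in place of user_id
}

// POST: the unguessable token selects the stored id, so an edited form value
// or a request forged from another site cannot point the UPDATE at another row.
function save_user(PDO $db, array &$session, array $user, array $post): bool {
    $token = $post['token'] ?? '';
    if (!is_string($token) || !isset($session['edit'][$token])) {
        return false;
    }
    $id = $session['edit'][$token];
    unset($session['edit'][$token]);            // single use
    $name = trim((string)($post['name'] ?? ''));
    if (!can_edit($user, $id) || $name === '' || strlen($name) > 100) {
        return false;
    }
    // Bound parameters keep data out of the SQL text; store the raw name and
    // call htmlentities() only when printing it back into HTML.
    $stmt = $db->prepare('UPDATE user SET name = :name WHERE id = :id');
    return $stmt->execute([':name' => $name, ':id' => $id]);
}

// Constructed demo: user 4 edits row 4, asks for row 5, then replays the token.
$db = new PDO('sqlite::memory:');
$db->exec("CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO user VALUES (4, 'old'), (5, 'other')");
$session = [];
$me = ['id' => 4, 'is_admin' => false];
$token = begin_edit($session, $me, '4');
var_dump(save_user($db, $session, $me, ['token' => $token, 'name' => "O'Brien"]));
var_dump(begin_edit($session, $me, '5'));
var_dump(save_user($db, $session, $me, ['token' => $token, 'name' => 'x']));
```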