How to remember id in form?
Posted: Mon Feb 01, 2010 6:17 am
Hi again!
another question about security!
usually I print in my form a hidden field like
Code:
<input type='hidden' name='user_id' id='user_id' value='4' />
where I write the id of the user (or news or anything I have on my db) and that I read when I submit the form to understand which data I have to update, like
Code:
if (isset($_POST['save_user'])) {
    $name = clean($_POST['name']);
    // cast to int so only a number reaches the query
    $id = (int)$_POST['user_id'];
    $sql = "UPDATE user SET name = '$name' WHERE id = '$id'";
}
first: it's ok
Code:
function clean($testo) {
    // strip surrounding whitespace, then encode HTML special characters and quotes
    $testo = trim($testo);
    $testo = htmlentities($testo, ENT_QUOTES, "UTF-8");
    return $testo;
}
or is not safe and I have to add something?
and then, what can I do to make more sure the form and the id? I come from another page and send the id with get, like:
Code:
<a href='edit_user.php?id=4'>edit</a>
thanks for all the help! as you can see, with me there is a lot to do
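Added example, not part of the original post: one way to detect a hidden `user_id` that was changed in the browser is to print an HMAC of the id next to it and check it on submit, and to send the UPDATE through a prepared statement instead of building the SQL string. `SECRET_KEY`, `edit_token()`, `render_hidden_fields()` and `save_user()` are hypothetical names, and the key, session id and in-memory SQLite table are constructed for the demo.

```php
<?php
// Added example (not from the original post); all names below are hypothetical.
const SECRET_KEY = 'constructed-demo-key'; // constructed; load a real key from config

// The token binds the record id to the session that opened the edit form.
function edit_token(int $id, string $sessionId): string {
    return hash_hmac('sha256', $sessionId . ':' . $id, SECRET_KEY);
}

// edit_user.php?id=4 -> print the id together with its token.
function render_hidden_fields(int $id, string $sessionId): string {
    return sprintf(
        "<input type='hidden' name='user_id' value='%d' />\n" .
        "<input type='hidden' name='token' value='%s' />",
        $id,
        edit_token($id, $sessionId)
    );
}

// Submit handler: refuse a modified id, then update with bound parameters.
function save_user(PDO $db, array $post, string $sessionId): bool {
    $id    = (int)($post['user_id'] ?? 0);
    $token = (string)($post['token'] ?? '');
    if (!hash_equals(edit_token($id, $sessionId), $token)) {
        return false; // id edited in the browser, or token missing
    }
    $stmt = $db->prepare('UPDATE user SET name = :name WHERE id = :id');
    return $stmt->execute([
        ':name' => trim((string)($post['name'] ?? '')),
        ':id'   => $id,
    ]);
}

// Constructed demo data: in-memory SQLite table with two users.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO user VALUES (4, 'anna'), (5, 'bob')");

$sid = 'constructed-session-id'; // stands in for session_id()
echo render_hidden_fields(4, $sid), "\n";

$unchanged = ['user_id' => '4', 'name' => "O'Brien", 'token' => edit_token(4, $sid)];
$tampered  = ['user_id' => '5', 'name' => 'x',       'token' => edit_token(4, $sid)];
var_dump(save_user($db, $unchanged, $sid)); // form submitted as printed
var_dump(save_user($db, $tampered, $sid));  // user_id changed to 5 in the browser
```

The token only shows that the id is the one the server printed for this session; the handler still has to check that the logged-in user is allowed to edit that record. With a bound parameter the name is stored as typed, so `htmlentities()` belongs where the value is printed back into HTML rather than before the query.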