Home/ Questions/Q 6950405
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T14:05:17+00:00

How can I prevent users from forging forms on the PHP or jquery side,

  • 0

How can I prevent users from forging forms on the PHP or jquery side, I am using Jquery’s ajax functionality to submit the forms, and this means that tech-wise people can change some variables such as the value of something (that shouldn’t be changed / is a user id or something like that) through the use of firebug or web inspector and likewise.

So how can I prevent users from changing these variables or making sure they are unchangeable through a secure and good way?

Thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    As the others have already stated, you can’t prevent the user from tampering.

    You are receiving data from me, and I can send you anything I want, I can even do an HTTP request by hand, without even using a browser, and you can’t do anything about it.

    If you don’t want a user to be able to alter an information, don’t provide it to him.

    You can store it in PHP’s session, which is stored server side (do not use cookies, they too are sent to the user) or save it in a database, both of them are not accessible to the end user.

    If you still want to pass the data to the user, compute some sort of hash (a secure hash, using a secure hashing algorithm and a secure message digest as Gumbo noted, this rules out algorithms like CRC32 or MD5 and MACs like your name or birthday) of the data and store it server side, then when the user submits back the data, check if the hashes match.

    But do know that this solution is not 100% secure. Hashing functions have collisions, and bad implementation exists.

    I would recommend to stick to the golden rule: if it’s not there, it cant break / be tampered / be stolen / etc.

    • 0