I apologize in advance, I am a PHP noob!
I have form with some hidden fields. I need the values to POST to “submit_rma.php” so that they’re not missing from the db–I need $qty, $estmate_id and $rma_type.
The rest of the fields are just displaying data for the user and are readonly. Currently I only get value from the qty text field.
Is there any easier way to pass these values? URL is out of the question due to security issues.
<form method="post" action="submit_rma.php";>
<table>
<tr>
<td>
Quantity
</td>
<td>
<input type="text" name="qty" value="<?php echo $qty ?>" size="1"/><br/>
</td>
</tr>
<tr>
<td>
Part #
</td>
<td>
<input type="text" name="" value="<?php echo $model ?>" size="8" READONLY/><br/>
</td>
</tr>
<tr>
<td>
Description
</td>
<td>
<input type="text" name="" value="<?php echo $name_EN ?>" size="50" READONLY/><br/>
</td>
</tr>
<tr>
<td>
Paid Date
</td>
<td>
<input type="text" name="" value="<?php echo $sold_date ?>" size="6" READONLY/><br/>
</td>
</tr>
<tr>
<td>
Amount Each
</td>
<td>
<input type="text" name="" value="<?php echo $dealer_price ?>" size="8" READONLY/>
</td>
</tr>
</table>
<input type="hidden" name="estmate_id" value="<?php echo $estmate_id ?>">
<input type="hidden" name="rma_type" value="Short Shipped">
<input type="submit" name="submit";">
</form>
Maybe use a hidden
<INPUT>:This won’t show anything to the user. If you’re unfamiliar,
<?= x ?>is effectively equivalent to:<?php echo x; ?>.However, this is a security problem, as an attacker could craft a fake request and put a different value into the field (sidestepping your page and doing the request directly). You should try and get the value some other way, such as through running the
INSERTon page generation, then using anUPDATEon the POST, or something like that.