I have this question in my mind.
I thought to share it with you fellows to get a suitable answer for myself and might help someone out there.
So, for argument’s sake lets assume we have a users table for our website with the following columns:
id, name, email and password
Many times we have to use the id field on the client side.
say we have implemented AJAX to allow the users to edit their profile.
and on profile editing page looks something like this:
<div>
<div>
<label>Name: <input type = "text" name = "txtName" id = "txtName"/></label>
</div>
<div>
<label>Email: <input type = "text" name = "txtEmail" id = "txtEmail"/></label>
</div>
<div>
<label>Password: <input type = "password" name = "txtPasswd" id = "txtPasswd"/></label>
</div>
<div>
<input type = "submit" name = "updateProfile" value = "Save" />
<input type = "hidden" name = "id" value = "1" />
</div>
</div>
Please keep your focus on the question rather than pointing out flaws which can arise from the tables design, the html or css stuff.
Regards,
You should better keep the user type in session.
By user type, I mean you will have to check access/edit/update/view rights according to user types.
then showing ids to users do not have any means of revealing your database column values, as your rights checking code will overcome by redirecting or prompting user that such actions are not allowed to their user type.
One more thing if you use encrypt value for the ids, then again user can just copy and use your encrypt value for their sneaky purposes.