I’m trying to construct a HTML/PHP page with three hidden input fields. The values of these are set beforehand by the server. They’re all hidden, and they have the disabled attribute. I use them to store values on one page so they can be used on the next page.
However, by using the address bar, you can take off the disabled (or readonly) property using Javascript:
javascript:document.forms[0].myfieldhere.disabled=false; (or readOnly=false)
Then, you can change whatever’s in the fields without issues:
javascript:document.forms[0].myfieldhere.value='bogus input';
Is there a way to prevent this? Or is there perhaps a better way to store values in one page, to be passed to the next? I’m relatively new at this, and any help is appreciated.
If your script has data that needs to persist from one page to another without the user being able to muck with it, then don’t pass it through the browser at all- use a session instead. $_SESSION is a superglobal variable that lets you store data for the session. on the server. The user can’t touch it, but you can access it through php.
Here’s a useful tutorial on the subject that I have found very helpful in the past:
http://www.tizag.com/phpT/phpsessions.php