Home/ Questions/Q 580609
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-13T14:29:27+00:00

Is there any reason why you should or shouldn’t name your form fields exactly

  • 0

Is there any reason why you should or shouldn’t name your form fields exactly the same as the HTML fields?

<input type="text" name="my_field_1" id="my_field_1" /> --> mysql row my_field_1

or

<input type="text" name="myField1" id="myField1" /> --> mysql row my_field_1

The only thing I can think of are probably naming conventions for HTML vs Mysql (personal preference maybe), as well as slight injection prevention (obviously the field name would have to vary more… but all values should be validated first anyway + the use of real escape string).

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The only way I can see this could pose a problem is when the attacker knows the name of a protected column in the same table that is not supposed to be changed through the form, and creates a new input element with that name with the intention of “slipping” the value illegally into the table.

    That is something that your program must filter out anyway on program level, so there’s no problem with naming form fields after your actual column names. You just need to take care to never loop through every available table column or form field, but be picky about what gets updated.

    A secondary, very remote risk is that you are exposing column names in your table. So if you’re super-paranoid about security, you may want to give the form fields a name different from their column. But I can’t see any real necessity for that.

    • 0