开发者

How to pass data from form without a form field? (PHP)

开发者 https://www.devze.com 2023-02-28 01:43 出处:网络
I have a form for editing a users name and 开发者_Python百科email. So when it updates the name and email, it needs the username to identify which row it should update.

I have a form for editing a users name and 开发者_Python百科email. So when it updates the name and email, it needs the username to identify which row it should update.

So i wanted to know if there is any element which is passed with the form but without showing the value or being editable in the input tag.

So i get the username from one script. The edit user script gets the name and email from the database with the specified username. Then it passes that new name and email with the username to another script which updates it.


I believe you are looking for

 <input type='hidden' name='username' value='theusername' />

hidden - can only be seen in the source of your HTML document
name - where it will be in the $_REQUEST/$_POST/$_GET ($_POST or $_GET depending on how you are submitting your form) variable on submit
value - the username you want this form to relate to

PRO TIP: Have a way to tell who is trying to update users so you don't have unauthorized people updating your user information. It would be very easy for someone to change the username in the form and try to update someone else.


You can use input type hidden

<input type="hidden" name = "username" value="<?php echo $username ?>">


use an:

 <input type="hidden" />

HIDDEN is a TYPE attribute value to the INPUT element for FORMs. It indicates a form field that does not appear visibly in the document and that the user does not interact with. It can be used to transmit state information about the client or server. Hidden fields often store a default value (e.g.via php), or have their value changed by a JavaScript.

more here


Use a hidden input tag:

<input type='hidden' name='username' value='theusername' />


As all the others stated you need a hidden input. It WILL be editable though, never trust it as you never trust any other data coming from outside.

But I'd like to add that it would be nicer not to use the username for identifying a row, add an ID column as a primary key instead to your database (possibly auto incremented), and use that in your form.

Something like

<input type="hidden" name="userid" value="<?=$userid?>" />


Arun, you can use GET to pass variables from one page to another page. Simply construct URLs as edituser.php?username=arun and so on. This is the only possible way to pass on variables or data, of course apart from cookies, to other pages w/out using form tags.
Second method is to use JavaScript to create a hidden form field and update it with username.
Third one is to simply add hidden input tags. But this and latter will require form tags.

A word of caution, filter user inputs, be JS, GET or hidden fields.


You can use a hidden form field:

<input type="hidden" name="originalUsername" value="something" />

This won't render on the form in the browser and will likely be ignored and unnoticed by the user.

However, be aware that this is editable. Do not rely on this as a security measure. When the form is submitted, make sure that the user submitting the form (using whatever authentication and authorization mechanisms you have in place) is authorized to make this change before persisting it to the database. Any form field being submitted can be edited.


Use this if you want to use it safely:

<input type='hidden' name='username' value='<?php echo encode("Please Encode Me!","This is a key"); ?>' />

wich will result into:

<input type='hidden' name='username' value='p3e4e4241674d2r4m4i5o464a4f2p3k5c2' />

and in the modification script you will have to use:

<?php $username = decode("p3e4e4241674d2r4m4i5o464a4f2p3k5c2","This is a key"); ?>

Below you have the PHP functions for the ENCODE/DECODE:

<?php

function encode($string,$key) {
    $key = sha1($key);
    $strLen = strlen($string);
    $keyLen = strlen($key);
    for ($i = 0; $i < $strLen; $i++) {
        $ordStr = ord(substr($string,$i,1));
        if ($j == $keyLen) { $j = 0; }
        $ordKey = ord(substr($key,$j,1));
        $j++;
        $hash .= strrev(base_convert(dechex($ordStr + $ordKey),16,36));
    }
    return $hash;
}

function decode($string,$key) {
    $key = sha1($key);
    $strLen = strlen($string);
    $keyLen = strlen($key);
    for ($i = 0; $i < $strLen; $i+=2) {
        $ordStr = hexdec(base_convert(strrev(substr($string,$i,2)),36,16));
        if ($j == $keyLen) { $j = 0; }
        $ordKey = ord(substr($key,$j,1));
        $j++;
        $hash .= chr($ordStr - $ordKey);
    }
    return $hash;
}

?>
0

精彩评论

暂无评论...
验证码 换一张
取 消