问题
I need to resend a value from a previous html form in another form so that it can be used as part of a prepared SQL statement.
However, I do not really want to use html hidden input due to potential security problems.
Anyone know of another method?
Thanks.
回答1:
Temporarily save the values in a session.
Hidden HTML inputs shouldn't cause any security problems though, as long as you properly validate them (again) before putting them in the database.
回答2:
You can save it in the session, then the user would never see the value.
回答3:
I don't believe you raise any more security risks than sending the original form.
You do have some other options, however, if you don't want to use a hidden form element:
Storing the value in a $_GET variable (not recommend, do to it being visible in the URL bar)
Using a cookie to store the variable (user could have cookies disabled)
Using sessions to store the variable server-side
来源:https://stackoverflow.com/questions/5085993/php-alternative-to-html-hidden-input