I was using something like this:

    <input type="hidden" name="id" value="1,3,5" />
    <input type="hidden" name="cost" value="350" />

But I was thinking, someone could change the cost to, say, "3" and pay $3.00 for it. So I was wondering if a more secure option would be to set session values when they load the page, such as:

    <?
    unset($_SESSION['baskettotal']);
    unset($_SESSION['basketids']);
    $_SESSION['baskettotal'] = $grandtotal;
    $_SESSION['basketids'] = implode(",", $id);
    ?>
    <input type="hidden" name="hash" value="<?= md5('stackoverflow' . $_SESSION['baskettotal'] . $_SESSION['basketids']); ?>" />

Then:

    <?
    if ($_POST['hash'] !== md5('stackoverflow' . $_SESSION['baskettotal'] . $_SESSION['basketids'])) {
        echo "error";
        die();
    }
    ?>

Is this a good way to do it? As they cannot edit the sessions, which hold what's in their basket, as opposed to storing it in hidden input fields, which they can manipulate easily?

You are right, this is a good way of doing it.

1) Create a session value that holds a hash of all the values.

2) When the form is submitted, calculate the hash of the values from the form and compare it against the one in the session. If they are the same, the user did not change anything. If they are different, then obviously the user has made some changes.

Just to clarify, the user cannot change any session variable, although if you stored it in a cookie, for example, the user might edit the hash through that cookie (since it is stored on the client side, as opposed to the server side with sessions).

An example can be:

    $_SESSION['form_data'] = md5("randomsalt123" . $formValue1 . $formValue2);

and when the user submits the form:

    if ($_SESSION['form_data'] === md5('randomsalt123' . $_POST['form_value_1'] . $_POST['form_value_2'])) {
        // Valid submission
    } else {
        // Invalid
    }
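
The check described in the question and answer, as an added example that is not code from the original post. It swaps the salted md5 for HMAC-SHA256 with `hash_equals`, and goes one step further by deriving the total on the server from the product ids; `PRICES`, `BASKET_KEY` and the function names are hypothetical, and the session and POST arrays are constructed sample data.

```php
<?php
// Added example with hypothetical names; not the original poster's code.
const PRICES = [1 => 100, 3 => 50, 5 => 200]; // constructed catalogue: id => price
const BASKET_KEY = 'replace-with-random-secret'; // placeholder; keep the real key server-side

// The total is derived from product ids on the server, never read from the form.
function basket_total(array $ids): int
{
    $total = 0;
    foreach ($ids as $id) {
        if (!array_key_exists($id, PRICES)) {
            throw new InvalidArgumentException("unknown product id: $id");
        }
        $total += PRICES[$id];
    }
    return $total;
}

// Keyed hash over an unambiguous encoding of the basket.
function basket_tag(array $ids, int $total): string
{
    // json_encode keeps field boundaries. Plain concatenation does not:
    // total "35" with ids "0,1" and total "350" with ids ",1" both give "350,1".
    return hash_hmac('sha256', json_encode([$ids, $total]), BASKET_KEY);
}

// True only if the posted ids and cost match what the server stored.
function verify_submission(array $session, array $post): bool
{
    $ids = array_map('intval', explode(',', $post['id'] ?? ''));
    $cost = (int)($post['cost'] ?? -1);
    $expected = $session['basket_tag'] ?? '';
    // hash_equals compares in constant time and never type-juggles.
    return hash_equals($expected, basket_tag($ids, $cost));
}

// Constructed data standing in for $_SESSION and $_POST.
$ids = [1, 3, 5];
$session = ['basket_tag' => basket_tag($ids, basket_total($ids))];

var_dump(verify_submission($session, ['id' => '1,3,5', 'cost' => '350'])); // form left untouched
var_dump(verify_submission($session, ['id' => '1,3,5', 'cost' => '3']));   // cost edited to 3
```

Once the total comes from `basket_total()` at checkout, the posted `cost` field is only displayed, and the tag check serves to detect a form that no longer matches the stored basket.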