Answer the question
In order to leave comments, you need to log in
D
D
del9937882016-12-01 18:08:21
del993788, 2016-12-01 18:08:21
Can an attacker write something to input hidden?
Hello. I have a js script on my site that does some calculations and then outputs them to input hidden. Further, this data from input hidden is transferred to php and then to the database. Is it possible to change the text in input hidden so that this text then goes to the database?
5 answer(s)
@xmoonlight
Any important calculations must be done on the server side.
If you count something - make it an option by id-shniks, and already on the server - take values by these ID-shniks and perform any mathematical operations with them.
@bigton
@akubintsev
X
xmoonlight, 2016-12-01 @xmoonlight
I have a js script on my site that does some calculations and then outputs them to input hidden. Further, this data from input hidden is transferred to php and then to the database.OMG!!!!! It is better to immediately make a field: "enter the price" and the "buy" button.
Any important calculations must be done on the server side.
If you count something - make it an option by id-shniks, and already on the server - take values by these ID-shniks and perform any mathematical operations with them.
A
Anton B, 2016-12-01 @bigton
Maybe. Everything that comes from the user needs to be checked on the server side.
A
Alexander Kubintsev, 2016-12-01 @akubintsev
Well, what do you think, maybe or not, if you can open Google Chrome with Developer Tools and modify almost anything on the front-end?
Similar questions
G
D
N
M
V
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question