Usando valor oculto en lugar de $ _GET o $ _REQUEST

I have been using hidden values for forms.

Ejemplo:

 <form method="post" action="page.php">
 <input type="text" name="name""
 <input type="hidden" name="book_id" value="$bookid">
 <input type="button">
 </form>

$bookid es la $_GET valor por book.php?id=34324

Entonces en lugar de hacer page.php?id=$bookid Estoy utilizando $bookid in hidden field.

My Question: Is it harmful if i use hidden values vs using $GET or $POST in the form action?

preguntado el 08 de noviembre de 11 a las 16:11

Hidden values are perfectly fine for propagating data from one form to another. You may also consider storing the data in the user's session. -

@Digital there is no point in propagating data from one form to another. -

@Col. Shrapnel: Sure there is, we've used it from time to time. -

2 Respuestas

To answer your question: no it is not harmful to use hidden inputs in this way.

To fix the supplied code you need to give your hidden input a name and change the method to GET:

 <?php
 if(array_key_exists('id', $_GET)) {
     $bookid = (int) $_GET['id'];
 }
 ?>

 <form method="get" action="page.php">
     <input type="text" name="name">
     <input type="hidden" name="id" value="<?php echo $bookid; ?>">
     <input type="button">
 </form>

respondido 08 nov., 11:20

It is important to sanitise any user input though, as this example does by converting $_GET['id'] to an integer. A more general alternative is htmlspecialchars(): <input type="hidden" name="id" value="<?php echo htmlspecialchars($_GET['id']); ?>"> - thelem

Question is: is it harmful if i use hidden values vs using $GET or $POST in the form action?

The answer is: actually you will have your hidden value either in the $_GET or $_POST array according to the chosen method. And no, there is no harm in using hidden inputs. Though there is no gains either.

respondido 08 nov., 11:20

No es la respuesta que estás buscando? Examinar otras preguntas etiquetadas or haz tu propia pregunta.