pb1uk Posted February 11, 2010 Report Share Posted February 11, 2010 Hello all, I'm experiencing a problem with a form on my website. The form inserts a record into a table in my database. I have a field where the user enters a value. I need the same value to be input into a hidden field on the form. My code is: For the visible field: Player value: currently for the hidden field: The question marks are where i can't figure it out Quote Link to comment Share on other sites More sharing options...
administrator Posted February 11, 2010 Report Share Posted February 11, 2010 You would do this with DOM scripting .. you need to learn some Javascript. That said, why do you need to do this? If you have the value in one HTML form element ... why would you need to place the same value elsewhere? :/ Stefan Quote Link to comment Share on other sites More sharing options...
pb1uk Posted February 11, 2010 Author Report Share Posted February 11, 2010 You would do this with DOM scripting .. you need to learn some Javascript. That said, why do you need to do this? If you have the value in one HTML form element ... why would you need to place the same value elsewhere? :/ Stefan I'm entering a player into the database. Thevalue enterred by the user if the club that the player plays for and is submitted as an integer value into the database. The hidden value is the club kit id. It has to be the same so the kit matches the club if that makes sense. Is there a way to do it with a line of php code? Quote Link to comment Share on other sites More sharing options...
pb1uk Posted February 11, 2010 Author Report Share Posted February 11, 2010 I have managed to solve the problem, thanks for the point in the right direction. I put in the following function: function CopyValue(obj1, obj2) { var visibleField = obj1; obj2.value = visibleField.value; } then add the following command: onSubmit="CopyValue(clubid_gk, clubkit_gks)" and finally the hidden field code: Quote Link to comment Share on other sites More sharing options...
krillz Posted February 11, 2010 Report Share Posted February 11, 2010 make sure to control the integrity of the hidden html field, and do not assume that just because it's hidden it automatically is out of reach to people. Better to control it twice, and at the serverside is a most. So in short get a habbit of not trusting the users. Quote Link to comment Share on other sites More sharing options...
pb1uk Posted February 12, 2010 Author Report Share Posted February 12, 2010 make sure to control the integrity of the hidden html field, and do not assume that just because it's hidden it automatically is out of reach to people. Better to control it twice, and at the serverside is a most. So in short get a habbit of not trusting the users. The form is only for adding a player to a fantasy game and will only be used by the administrator. For other forms on my site, how would i achieve what you've stated above? Quote Link to comment Share on other sites More sharing options...
falkencreative Posted February 12, 2010 Report Share Posted February 12, 2010 For other forms on my site, how would i achieve what you've stated above? I believe what Krillz is saying is that you don't assume that whatever input the form is giving you is valid -- the values of hidden forms and similar can be easily changed if the user wants to. The key to PHP security is basically "don't trust your users." Better to control it twice, and at the serverside is a most. It may be fine within your administrative system, but don't rely 100% on javascript (again, that can be changed by the user). Always make sure to double check the data using PHP. Quote Link to comment Share on other sites More sharing options...
administrator Posted February 12, 2010 Report Share Posted February 12, 2010 It may be fine within your administrative system, but don't rely 100% on javascript (again, that can be changed by the user). Always make sure to double check the data using PHP. Yep ... exactly. Javascript should only be used as a support (i.e.: improves the user experience) to your back-end code. In other words, it should never be the only language used to check/confirm user input ... Javascript is too easily defeated. Stefan Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.