Why does it matter if the ID is in the source? As long as the "value" isn't 
in the source it should be safe right?

Although, since the filenames have to be unique, why not just query the 
database with the filename?

--
katy, who's probably missing something, being a security novice and all --
but then, i guess that's why i have to ask questions.
--

On 5/22/05, Marian Briones <[EMAIL PROTECTED]> wrote:
> 
> ... 
> 
> I have a database table with these fields: ID, value, and filename.
> The ID is the autoincrement primary key to identify the image, the
> value is the actual letters and numbers (string) which appears on the
> image. So when the form is submitted, I have a hidden field (which is
> what scares me) that carries that particular image's ID with it to
> query up the value. Are you with me?
> 
> I don't like having the hidden field because it isn't hidden at all if
> the user views the source, of course, and I'm wondering what more
> secure way I could do this verification without this huge security
> snafu. Someone will probably tell me and I'll bang my head against my
> desk saying duh, so I'll go get my helmet...
> 
> Thanks...
> 
> Marian
> 
> 
-- 
~~+++~~ +
no matter where you go, 
there you are 
+ ~~+++~~
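
A sketch of the verification without any hidden field, added here as an example and not code from either poster: the image's ID is kept in the server-side session, so the form cannot name which stored value the submission is compared with, and each issued image accepts one guess. The table name `captcha`, the function names, the `captcha_id` session key, the SQLite sample rows and the `$session` array (standing in for `$_SESSION` after `session_start()`) are all assumptions.

```php
<?php
// Added example, not code from the thread. Columns follow the post
// (ID, value, filename); the table name "captcha" and the rest are assumed.

// Pick a random image and remember its ID on the server. Only the filename
// is returned for the <img> tag, so the form carries no ID at all.
function captcha_issue(PDO $db, array &$session): string
{
    $ids = $db->query('SELECT ID FROM captcha')->fetchAll(PDO::FETCH_COLUMN);
    $session['captcha_id'] = (int) $ids[random_int(0, count($ids) - 1)];
    $stmt = $db->prepare('SELECT filename FROM captcha WHERE ID = ?');
    $stmt->execute([$session['captcha_id']]);
    return $stmt->fetchColumn();
}

// Compare the submitted text with the image bound to this session.
// The challenge is cleared before checking, so it cannot be submitted twice.
function captcha_verify(PDO $db, array &$session, string $answer): bool
{
    $id = $session['captcha_id'] ?? null;
    unset($session['captcha_id']);
    if ($id === null) {
        return false;               // nothing issued, or already used
    }
    $stmt = $db->prepare('SELECT value FROM captcha WHERE ID = ?');
    $stmt->execute([$id]);
    $expected = $stmt->fetchColumn();
    return is_string($expected) && hash_equals($expected, trim($answer));
}

// Constructed sample rows in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE captcha (ID INTEGER PRIMARY KEY, value TEXT, filename TEXT)');
$db->exec("INSERT INTO captcha (value, filename)
           VALUES ('x7k2q', 'a91f.png'), ('m3p9z', 'c04e.png')");

$session = [];                      // stands in for $_SESSION
$file = captcha_issue($db, $session);
$stmt = $db->prepare('SELECT value FROM captcha WHERE filename = ?');
$stmt->execute([$file]);
$right = $stmt->fetchColumn();      // what a person reading the image would type

printf("first submit: %s\n", var_export(captcha_verify($db, $session, $right), true));
printf("same answer again: %s\n", var_export(captcha_verify($db, $session, $right), true));
```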

