On Tuesday 18 March 2003 17:24, Christian Rosentreter wrote:
> use
>
>     <input type="hidden" name="<name>" value="<your sensitve data>">
>
> for transporting sensitive data.

That is not secure at all. 

> > can edit it and
> > update the database.
> > now I am running into walls. Some of the data is sensitive
> > and can't be
> > changed. But the only way I know how to display data
> > so that it can't be edited directly is in a normal table
> > format or print.

For the data that cannot/should not be changed, quite simply do not accept 
that value from the user. Just re-read its value from your own records.

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
------------------------------------------
/*
Where it is a duty to worship the sun it is pretty sure to be a crime to
examine the laws of heat.
                -- Christopher Morley
*/


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to