btw_nc Posted February 18, 2011 Share Posted February 18, 2011 Is there any way using only PHP? The problem is that I don't have access to the form processor, or to MySQL. Quote Link to comment Share on other sites More sharing options...
ManiacDan Posted February 18, 2011 Share Posted February 18, 2011 What do you mean "using only PHP?" Form fields are HTML. Whatever prints the HTML is what needs to change. Quote Link to comment Share on other sites More sharing options...
btw_nc Posted February 18, 2011 Author Share Posted February 18, 2011 OK, it's an HTML form on a page that can use PHP. Without the form processing script being involved, there's no way the data in the hidden fields can be concealed from a casual observer, is there? Quote Link to comment Share on other sites More sharing options...
jcbones Posted February 18, 2011 Share Posted February 18, 2011 Pull it using javascript, will usually hide it (or at least create more steps to see it). Quote Link to comment Share on other sites More sharing options...
ManiacDan Posted February 18, 2011 Share Posted February 18, 2011 OK, it's an HTML form on a page that can use PHP. That's still not exactly clear. Do you have the ability to change the PHP that creates the HTML form or not? If you can change the PHP, you can insert some of these form fields using obfuscated javascript, as mentioned. there's no way the data in the hidden fields can be concealed from a casual observer, is there?Depends on the definition of "casual." Hidden form fields are concealed from 90% of the population. Hidden form fields injected in JavaScript are hidden from 95% of the population. -Dan Quote Link to comment Share on other sites More sharing options...
btw_nc Posted February 18, 2011 Author Share Posted February 18, 2011 That's still not exactly clear. Do you have the ability to change the PHP that creates the HTML form or not? The form is not created by php; it is not inside php tags. Yes, I can place/edit php on the page. Quote Link to comment Share on other sites More sharing options...
ManiacDan Posted February 18, 2011 Share Posted February 18, 2011 If you can change the PHP, you can insert some of these form fields using obfuscated javascript, as mentioned.That still applies. if you have the ability to change the file that actually displays the form, you can change these hidden inputs into javascript calls that inject the inputs into the form. Quote Link to comment Share on other sites More sharing options...
btw_nc Posted February 21, 2011 Author Share Posted February 21, 2011 cURL should work OK. Tnx for input. Quote Link to comment Share on other sites More sharing options...
silkfire Posted February 21, 2011 Share Posted February 21, 2011 cURL is not used to store data. Use session no one can access the variables in there. Quote Link to comment Share on other sites More sharing options...
ManiacDan Posted February 22, 2011 Share Posted February 22, 2011 cURL should work OK. Tnx for input.cURL has nothing to do with this conversation at all. cURL is a server-side function in PHP. It does not run on the client, and will not help you obfuscate HTML form elements. What are you actually trying to do? Quote Link to comment Share on other sites More sharing options...
btw_nc Posted February 22, 2011 Author Share Posted February 22, 2011 My form > someone else's processing script Only problem is, I need to include 3 static hidden fields when the form is submitted: My form > intermediate page with cURL which, in addition to the $_POST fields, adds the required hidden fields and submits the data > someone else's processing script Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.