Hiding form variables

Anon

Hi,

Need a bit of help. I have got an html form which is passed onto a cgi script for an sms service. At present, the html form contains all the variables, such as username and password (which are hidden fields) as well as the inputted text and mobile number. Is there a way to have only a couple of the fields on view in the html form, have it sent to a php script where the other hidden fields are added, and then sent onto the cgi script. This is purely for security so nooone can see the username and password.

Any help would be appreciated,

Cheers

van__

Sessions maybe?

Anon

Why are you sending the username and password both in the hidden field ??

Because I don't think that there is any reason to pass the both. You can pass username only after validating both, But that would also not be secure because you can't hide it from the source code. so passing it in hidden field is really USELESS and INSECURE.

The best way to do it is use Cookie or Session or if you want to make it more secure that you could go further for generating some random numbers login..

For for your Sms service Cookie or session will be the best..

Good Luck
Tabish

greg252

Recently had to deal with this. If you use an if-include statement with a form action of PHP_SELF, you can hide the variables from the address bar.

Good luck

Anon

Hiding it won't work. You need to use encryption:

http://hotwired.lycos.com/webmonkey/programming/php/tutorials/tutorial1.html

Anon

hello!
maybe just post it :
<form ...... method="post">

that's also not secure but the user doesn't see the $HTTP_POST_VARS