I need to resend a value from a previous HTML form in another form so that it can be used as part of a prepared SQL statement.
However, I do not really want to use an HTML hidden input due to potential security problems.
Anyone know of another method?
Thanks.
Temporarily save the values in a session.
Hidden HTML inputs shouldn't cause any security problems though, as long as you properly validate them (again) before putting them in the database.
You can save it in the session, then the user would never see the value.
I don't believe you raise any more security risks than sending the original form.
You do have some other options, however, if you don't want to use a hidden form element:
Storing the value in a $_GET variable (not recommended, due to it being visible in the URL bar)
Using a cookie to store the variable (user could have cookies disabled)
Using sessions to store the variable server-side
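
The session approach suggested in the answers above, as an added example that is not part of the original posts: the value is validated once in step 1, kept server-side, and bound into the prepared statement in step 2. The table `orders`, the fields `customer_id` and `note`, and both handler functions are hypothetical names chosen for illustration.

```php
<?php
declare(strict_types=1);

// Step 1 handler: validate the posted value, then keep it server-side.
function handleStepOne(array $post, array &$session): bool
{
    $id = filter_var($post['customer_id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;               // reject; nothing is stored
    }
    $session['customer_id'] = $id;  // stays on the server, never echoed into a form
    return true;
}

// Step 2 handler: the carried value comes from the session, not from the request.
function handleStepTwo(array $post, array &$session, PDO $db): bool
{
    if (!isset($session['customer_id'])) {
        return false;               // step 1 was skipped or the session expired
    }
    $note = is_string($post['note'] ?? null) ? trim($post['note']) : '';
    if ($note === '' || strlen($note) > 200) {
        return false;
    }
    $stmt = $db->prepare('INSERT INTO orders (customer_id, note) VALUES (:cid, :note)');
    $stmt->bindValue(':cid', $session['customer_id'], PDO::PARAM_INT);
    $stmt->bindValue(':note', $note, PDO::PARAM_STR);
    $stmt->execute();
    unset($session['customer_id']); // one-time use
    return true;
}

// Constructed demo: in-memory SQLite and a plain array standing in for $_SESSION.
// In a web script, call session_start() and pass $_POST and $_SESSION instead.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (customer_id INTEGER NOT NULL, note TEXT NOT NULL)');

$session = [];
var_dump(handleStepOne(['customer_id' => '42'], $session));
// A customer_id sent again in the second request is ignored: only the session value is bound.
var_dump(handleStepTwo(['customer_id' => '999', 'note' => 'call back'], $session, $db));
print_r($db->query('SELECT * FROM orders')->fetchAll(PDO::FETCH_ASSOC));
```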