Hi, we've searched the forums but were unable to find a relevant thread regarding this.
On our website we have a basic form with pre-filled hidden fields. These fields have the attributes value="anyvalue" and type="hidden" on the frontend form, and when submitted an entry will be saved in the database table with these field values. E.g., one of these hidden fields is the submitting user's userid.
However, it is possible to alter the value of these hidden fields (e.g. by using "inspect" in the Chrome browser) before submitting them - in effect, a user is able to save an entry in the database with a different userid.
What are the ways to prevent such "hacks"? We thought validation might be the way to go (check that submitted data matches the pre-filled data for these fields), but we're unsure how to go about this. Or is there a simpler way of doing this that we're missing?
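One way to do the validation asked about above, as an added example that is not part of the original post: the server signs the pre-filled hidden values with an HMAC when it renders the form, rejects the submission if the values no longer match the tag, and reads the userid from the server-side session instead of the form. Python, the `session` dict, the `product_id` field and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a secret that lives only on the server (load it from config in practice).
SERVER_KEY = secrets.token_bytes(32)


def sign_hidden_fields(fields, session_id, key=SERVER_KEY):
    """Return an HMAC tag over the pre-filled values, bound to one session."""
    parts = [session_id] + [f"{k}={fields[k]}" for k in sorted(fields)]
    # Length-prefix each part so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(len(p.encode()).to_bytes(4, "big") + p.encode() for p in parts)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def render_form(session, hidden):
    """Values the server emits as type="hidden" inputs, plus the tag."""
    out = dict(hidden)
    out["_sig"] = sign_hidden_fields(hidden, session["id"])
    return out


def handle_submit(session, posted, hidden_names):
    """Return the row to save; raise ValueError if a hidden value was altered."""
    submitted = {name: str(posted.get(name, "")) for name in hidden_names}
    expected = sign_hidden_fields(submitted, session["id"])
    supplied = str(posted.get("_sig", ""))
    # Constant-time comparison of the recomputed tag with the submitted one.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        raise ValueError("hidden field does not match the value the server issued")
    row = dict(submitted)
    # The user id is never trusted from the form: it comes from the session.
    row["userid"] = session["userid"]
    return row


if __name__ == "__main__":
    # Constructed sample data.
    session = {"id": "sess-1", "userid": "42"}
    form = render_form(session, {"product_id": "7"})
    print(handle_submit(session, dict(form, userid="999"), ["product_id"]))
    try:
        handle_submit(session, dict(form, product_id="8"), ["product_id"])
    except ValueError as exc:
        print("rejected:", exc)
```

Because the tag includes the session id, a form copied from one logged-in session is rejected when posted from another.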