Depends on how much you want to "hack-proof" the system. Using hidden variables is sufficient for safe parameter passing, but anything that involves authentication or data that can affect the security of the system is unsafe. Far too easy to modify the page and resubmit.

I'm not completely sure of this, but I think that putting hidden variables in has the effect of tempting people who might not otherwise be interested in hacking your system.

In a site I maintain at work, I only pass a session ID in hidden variables. Each time the page is submitted, the session ID is checked in a MySQL database, and the user's permissions are checked for the operation they are trying to perform. One interesting (but rarely used) side effect is that I can change a user's permissions on the fly (i.e. while s/he's still logged in), and permit or yank privileges (typically, I start users with a minimum of permissions, and require them to justify any additional privileges they need).

In reply to (jcwren) RE: Re: Passing CGI parameters on new CGI by jcwren
in thread Passing CGI parameters on new CGI by Michalis
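An added example, not jcwren's code, of the pattern the reply describes: the hidden field carries only a session ID, the server resolves it to a user and checks that user's permissions for the requested operation on every submit, and permissions can be granted or yanked while the user is still logged in. In-memory hashes stand in for the MySQL tables; the session ID, user name and operation names are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for the MySQL tables:
#   sessions:    session_id -> user
#   permissions: user -> { operation => 1 }
my %sessions    = ( 'f3a9c2' => 'alice' );
my %permissions = ( alice => { view_report => 1 } );

# Authorize one submitted request. Only the hidden session ID is
# trusted; every other form field (including anything a client may
# have edited into the page, such as a bogus is_admin flag) is ignored.
sub authorize {
    my ($params, $op) = @_;
    my $sid  = $params->{session_id} // return 'denied: no session';
    my $user = $sessions{$sid}       // return 'denied: unknown session';
    return $permissions{$user}{$op}
        ? "ok: $user may $op"
        : "denied: $user may not $op";
}

# Grant or revoke a permission; takes effect on the user's next submit
# because authorize() re-reads the permission table every time.
sub set_permission {
    my ($user, $op, $allowed) = @_;
    if ($allowed) { $permissions{$user}{$op} = 1 }
    else          { delete $permissions{$user}{$op} }
}

# A tampered form: valid session, plus a field claiming admin rights.
my %tampered = ( session_id => 'f3a9c2', is_admin => 1 );

print authorize(\%tampered, 'delete_user'), "\n";    # not yet granted
set_permission('alice', 'delete_user', 1);           # grant mid-session
print authorize(\%tampered, 'delete_user'), "\n";
set_permission('alice', 'delete_user', 0);           # yank mid-session
print authorize(\%tampered, 'delete_user'), "\n";
print authorize({ session_id => 'bogus' }, 'view_report'), "\n";
```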
