StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POForm POST or sessions?
primarykey
Id
4629628
data
AcceptedAnswerId
4629775
AnswerCount
6
ClosedDate
CommentCount
1
CommunityOwnedDate
CreationDate
2011-01-07T19:50:03.807
FavoriteCount
0
LastActivityDate
2011-01-07T20:36:26.207
LastEditDate
2011-01-07T20:36:26.207
LastEditorUserId
567285
OwnerUserId
567285
ParentId
0
PostTypeId
1
Score
1
ViewCount
284
LastEditorDisplayName
text
Body
If you have an item where you allow users to add comments, how can you pass which item the user is replying too? I've though of using a hidden field in a form, however this can be easily changed using plugins such as firebug: <pre><code><form method="post" action="blah"> <input type="hidden" name="item_id" value="<?php echo $item_id; ?>">  <input type="submit" name="submit"> </form> </code></pre> Or just simply using a session: <pre><code>$_SESSION['item_id'] = $item_id </code></pre> Is there a safe way to send the item data in a form? Edit: This is after validation,... I do implement some XSS protection (form tokens etc). The reason I was asking was just to know what the best practise is. I though of doing something like <pre><code>$_SESSION['item_id'] = $id //this is set when they visit the current item </code></pre> then in the form have a hidden field: <pre><code><input type="hidden" name="item_id" value="<?php echo $id?>"> </code></pre> Finally check the session matches the id clicked: <pre><code>if ($_SESSION('item_id') !== $item_id) //the value posted in the form { die('There\'s got to be a morning after If we can hold on through the night We have a chance to find the sunshine Let\'s keep on looking for the light'); } </code></pre> However after reading some of your comments I guess this is a bad idea? To be fair (@Surreal Dreams): it isn't that big a deal if they do change the id, I as I've said,I was just looking for the best practice. Cheers.
Tags
<php><forms>
Title
Form POST or sessions?
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USeddienotizzard
UserOwnerUserId
1. USeddienotizzard
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
2. PO
 singulars
 PostTypePostTypeId
 PTAnswer
3. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POForm POST or sessions?
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. COFor your particular application, what's the risk of the user spoofing the post id?
 singulars
 PostPostId
 POForm POST or sessions?
 UserUserId
 USSurreal Dreams

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.