tags:

views:

59

answers:

1
Q: 

How would I make a Zend_Form_Element_Hidden tag immutable?

I have a value that needs to be set in the form for processing, but I do not want the user to be able to edit this value. A hidden element will mostly fit my needs, but I'm concerned a clever user could enable the hidden field and change it.

Is there a validator or setting on the Hidden element that would require the submitted form value to be the same as when the form was rendered?

I don't think setIgnore(true) fits my situation, as I do need Zend_Form to read that variable when processing the form.

Also as far as I know the setAttrib('readonly', true) will not work either as this is just an HTML setting that can easily be overridden by the client.

A: 

You can't rely on any data being POSTed back by a user. Even if there was some magical way to control the form, someone could still forge a POST request to your submit URL with a different value for that field if they want to. Your best bet would probably be to store the value in the session instead, or at least store the value in the session and compare it to the submitted hidden field value.

Tim Fountain  2010-09-03 16:35:35
I was hoping Zend Framework had some magical element that would allow me to set this (rather than using a session variable). I think you are correct, I'll just have to ensure the POST'd variable is sane.
nvoyageur  2010-09-04 02:33:41

related questions

Would you override ScriptControl or BaseValidator for an async ASP.NET validator control?
Handling HttpRequestValidationException gracefully and ASP.net AJAX compatible?
How to Dynamically Generate String Validation?
Validate email address in Javascript?
Data Validation Design Patterns
Strong Validation in WPF
How to evaluate an IP?
Validating a HUGE XML file
Validate (X)HTML in Python
ValidationRule To Enforce Unique Name
Checking if userinput is a valid URI in XUL
XML Parser Validation Report
Email SMTP validator
MVC - where to implement form validation (server-side)?
How do you remove invalid hexadecimal characters from an XML-based data source prior to constructing an XmlReader or XPathDocument that uses the data?
How to check set of files conform to a naming scheme
What's the best way to implement field validation using ASP.NET MVC?
How do I validate xml against a DTD file in Python
What's the best way to validate an XML file against an XSD file?
Problem databinding an ASP.Net AJAX toolkit MaskedEditExtender
Validating posted form data in the ASP.NET MVC framework
Best method for varchar date validation in Sybase (T-SQL)?
How important is W3C XHTML/CSS validation when finalizing work?
How far should one take e-mail address validation?
ASP .Net Custom Client-Side Validation