'Hidden' fields allow data submission if un-hidden using developer tools in the browser

By: James Wyatt | Asked: 01/22/2024
ForumsCategory: General questions'Hidden' fields allow data submission if un-hidden using developer tools in the browser
James WyattJames Wyatt asked 4 months ago
I have a form where some fields are set to be visible to the admin only, but can be manipulated to become visible and allow submission. Let's say it was an application form that a logged out user can submit. Within the form is a 'status' field which is set to be visible only to admins. (i.e. so that post submission, administrators can login to change the 'Status' of the application to 'Approved') However, when logged out, I can use the developer to tools to find the hidden field's HTML, change it's attributes to un-hide it, then enter 'Approved' and submit the form, and the entry submits as normal INCLUDING the status field containing 'Approved'. Does anybody know a workaround to prevent this from being possible? I guess it would require some backend validation but ideally I need a function that will apply across all forms so that I don't have write a new function for every form.

Any assistance is much appreciated, with thanks. James.

Making the Best WordPress Plugin even better - Together

Take on bigger projects with confidence knowing you have access to an entire community of Formidable Experts and Professionals who have your back when the going gets tough. You got this!
Join the community
crossarrow-right