Is it safe to rely on the data of a html input field set to readonly? What is the purpose of a readonly field? I know the disabled fields are not pushed to $_POST whereas readonly are? Essentially what I want is a dynamic value in my form that is unchangeable to the user. Would it be more appropriate to place this in session or what options do I have? EDIT: As some below have mentioned storing this in session is a better idea, although after reading Storing objects in session I am concerned about performance and overloading the server with session data. Any suggestions? Would is be safe to just unset() any session data no longer needed. (Similar to memory management but on the session level? Delete what you do not need.)
HTML input readonly security risk?
- Thread starter VokyRoamy
- Start date