In a form I have a Submit button, which has as its value the INDEX of the row on which the operation is going to be performed. But now my main concern is that if someone, for fun, changed this VALUE of the button (by inspecting the code in the browser and then editing its code), then my inputs will be saved in that INCORRECT ROW. So how can I make this thing SAFE? Please relate your inserts with the following example.
I have an exam table
Fill Marks of students
Form to fill marks
a <input name='marklist'>
d <input name='marklist'>
<input type='submit' name='submit_info' value='4(INDEX)'>
1 | dec 2013 |a,b,c,d |
4 | dec 2014 |a,b,c,d |
All the end user has to do is to set up a local proxy on their machine, catch and hold the HTTP POST in the proxy, modify it however they desire, and release the modified POST back to your web server. There is no way to prevent the client from submitting a submit_info value of whatever they want.
The only way to "secure" this would be the code running on the server that processes the POST. The server side would need to do verification checks that the content of submit_info is acceptable.
And to do what it sounds like you want to do, that requires a check of the POST against what the web server sent to the client, and that would require saving (persisting) the "state" of the session.
There are several mechanisms that can be used to save the state of the web session. Some frameworks (such as Django) save the web session state in the database.
Bottom line... you can't prevent nefarious POST contents from being sent to your web server.
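The server-side check described in the answer above, as an added example that is not part of the original post: the server remembers which row it offered in each session and rejects a POST whose submit_info does not match. The in-memory SESSIONS dict, the function names render_form and handle_post, and the sample rows are assumptions for illustration; a real application would use its framework's session store and also check that the logged-in user may edit that row.

```python
import secrets

# Constructed sample data standing in for the exam table (row index -> row).
EXAMS = {1: {"date": "dec 2013", "marks": {}}, 4: {"date": "dec 2014", "marks": {}}}
STUDENTS = ("a", "b", "c", "d")
SESSIONS = {}  # server-side session state: session id -> {"row": int}


def render_form(row_id):
    """Serve the marks form for one row and remember which row was offered."""
    if row_id not in EXAMS:
        raise KeyError(row_id)
    sid = secrets.token_urlsafe(16)    # would travel in the session cookie
    SESSIONS[sid] = {"row": row_id}    # persisted on the server, not in the form
    return sid, {"submit_info": str(row_id)}


def handle_post(sid, post):
    """Accept the POST only if submit_info matches what this session was sent."""
    state = SESSIONS.get(sid)
    if state is None:
        return "rejected: unknown session"
    try:
        claimed = int(post.get("submit_info", ""))
    except ValueError:
        return "rejected: malformed submit_info"
    if claimed != state["row"]:
        # The client edited the button value or the POST in transit.
        return "rejected: row does not match issued form"
    marks = post.get("marklist", [])
    if len(marks) != len(STUDENTS):
        return "rejected: wrong number of marks"
    EXAMS[claimed]["marks"] = dict(zip(STUDENTS, marks))
    del SESSIONS[sid]                  # one submission per issued form
    return "saved"
```
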