Field code in option value attribute

Viewed 58 times

4

I have a table CategoriaCNH with the following fields: CodCategoriaCNH and Descricao.

and I have this piece of HTML code:

<select name="categoriaCnh">
    <option value="" disabled selected>CNH</option>
    @foreach($categoriaCnh as $cat)
        <option value="{{$cat->CodCategoriaCNH}}">{{$cat->Descricao}}</option>
    @endforeach
</select>

In the value attribute of the option I'm setting the CodCategoriaCNH that comes from my table CategoriaCNH.

The point is:

Taking security into consideration...

Is it advisable to put the CodCategoriaCNH directly in the value attribute like this?

Or would the ideal be for the value attribute to hold the value of the Descricao column, and then get the CodCategoriaCNH in the back end?

  • 1

    I don’t see much problem in exposing the id, especially if it’s something like A, AB, etc. What’s your specific concern?

  • @gmsantos, my concern is: does exposing the ID pose some security risk? Is it possible to have security holes from exposing the ID?

1 answer

3


On the one hand,

I think it is safer the current way, as represented in your sample code, since only the result of the query is being shown.

If you try to recover the value later, when the form is submitted, then yes, there may be security issues, since users can pass new values in the select to be queried later.

The query, which is currently

select CodCategoriaCNH from Table group by CodCategoriaCNH

would be

select Descricao from Table group by Descricao

to then be submitted to the back-end database again, where you would pick up the description and do:

select top (1) CodCategoriaCNH from Table where Descricao = :descricao

As you can see in the last query, Laravel uses PDO for the basic database functions, so all safety precautions are taken in the queries, with no problems reported so far.

On the other hand,

I know that Laravel has the security implementations and best practices needed to create robust and safe applications, so how it is used is up to whoever is developing, and it is recommended to follow the framework documentation. Moreover, making a second database query would be more tiring and laborious both for the developer (you, OP!) and for the database (memory and processing time).

But this is only one of the points to be considered, and therefore this "answer" is not exhaustive or even conclusive.
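The check the answer alludes to when it says users "can pass new values in the select", as an added example that is not part of the question or the answer: whatever the option carried (CodCategoriaCNH or Descricao), the value that arrives on submit is user-controlled, so the server validates it against the rows that actually exist and only ever uses it as a bound parameter. The controller class, the route, the max:5 length and the redirect are assumptions; the table and column names come from the question.

```php
<?php
// Added example (not from the original question or answer). Assumed names:
// CondutorController, store(), max:5; CategoriaCNH / CodCategoriaCNH / Descricao
// are the question's own table and columns.

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;

class CondutorController extends Controller
{
    // Path 1 (the question's current form): the option value is the code itself.
    public function store(Request $request)
    {
        // The <option value="..."> list is only a suggestion to the browser.
        // On submit the client can send any string, so the value is accepted
        // only if it matches an existing CodCategoriaCNH; otherwise Laravel
        // redirects back with a validation error and nothing is queried further.
        $validated = $request->validate([
            'categoriaCnh' => ['required', 'string', 'max:5',
                               'exists:CategoriaCNH,CodCategoriaCNH'],
        ]);

        // The query builder passes the value to PDO as a bound parameter,
        // so it is treated as data, never as SQL.
        $categoria = DB::table('CategoriaCNH')
            ->where('CodCategoriaCNH', $validated['categoriaCnh'])
            ->first();

        // ... persist the record using $categoria->CodCategoriaCNH ...
        return redirect()->back()->with('status', 'Categoria ' . $categoria->Descricao . ' registrada.');
    }

    // Path 2 (the alternative the answer sketches): the option value is the
    // description and the code is looked up server-side. It needs exactly the
    // same validation, because the description is just as user-controlled;
    // this is the answer's last query with :descricao bound through PDO.
    public function storeByDescription(Request $request)
    {
        $validated = $request->validate([
            'categoriaCnh' => ['required', 'string', 'max:100',
                               'exists:CategoriaCNH,Descricao'],
        ]);

        $row = DB::selectOne(
            'select top (1) CodCategoriaCNH from CategoriaCNH where Descricao = :descricao',
            ['descricao' => $validated['categoriaCnh']]
        );

        // ... persist the record using $row->CodCategoriaCNH ...
        return redirect()->back()->with('status', 'Categoria registrada.');
    }
}
```

Either path costs one lookup against CategoriaCNH on submit; the difference is only which column the form sends, not the trust placed in it.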
