
Hidden Fields vs. Local Storage


I recently found out about "local storage" and I've had questions concerning it. I have a form, and in that form I have several hidden fields containing ids I do not want to display to the user; the ids are submitted when the form is posted. I was wondering if, instead of using the hidden fields, I could store those ids in local storage and then post them along with the form data on submit to the server. The ids are all loaded from the server on page load. Which is more secure, and how do I implement it if I am to use local storage? I try as much as possible to keep the use of database ids only on the server side.

This is an example of a hidden field with an id:

<input type="hidden" value="<?php echo $book_id; ?>" />

Solution

  • Neither of these methods is 'secure' if you take 'secure' to mean "Don't let the user muck with them."

    If you want to be 'secure', then you are validating everything that the user POSTs to your server to be sure they have legitimate access to what they're trying to submit. Local Storage and Hidden Fields are the same from a security standpoint -- neither is secure from tampering.

    Never Trust User Input.
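The server-side check the answer describes, as an added example that is not part of the original answer: the posted id is treated as untrusted whether it came from a hidden field or from local storage, and is accepted only if it is well formed and belongs to the logged-in user. The `books` table, its `owner_id` column, and the function names are hypothetical; the code assumes PHP 8 with the `pdo_sqlite` extension.

```php
<?php
declare(strict_types=1);

// Constructed sample data: an in-memory SQLite table standing in for the
// application's database. Table and column names are hypothetical.
function makeSampleDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE books (id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL, title TEXT)');
    $db->exec("INSERT INTO books (id, owner_id, title) VALUES (1, 10, 'Book A'), (2, 20, 'Book B')");
    return $db;
}

// Returns the book id only when the posted value is a positive integer AND
// the row belongs to the user taken from the server-side session.
// Returns null otherwise, so the caller can answer 403 and stop.
function authorizedBookId(PDO $db, int $sessionUserId, mixed $postedId): ?int
{
    // Rejects non-numeric strings, empty values, and arrays (book_id[]=1).
    $bookId = filter_var($postedId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($bookId === false) {
        return null;
    }

    // Ownership is decided by the database, never by anything in the request.
    $stmt = $db->prepare('SELECT 1 FROM books WHERE id = :id AND owner_id = :owner');
    $stmt->execute([':id' => $bookId, ':owner' => $sessionUserId]);

    return $stmt->fetchColumn() !== false ? $bookId : null;
}

$db = makeSampleDb();
$sessionUserId = 10; // in a real handler: read from $_SESSION after login, not from the form

// Constructed POST values: the id the page was rendered with, an id edited
// to point at another user's row, and three malformed submissions.
foreach (['1', '2', 'abc', '', ['1']] as $posted) {
    $id = authorizedBookId($db, $sessionUserId, $posted);
    printf("%-8s => %s\n", json_encode($posted), $id === null ? 'rejected' : "accepted (book $id)");
}
```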