I am trying to get a variable from JavaScript to PHP but I heard that this is not secure because people can use softwares to change the POST data. What can I do to pass JavaScript variable into PHP securely? Do I use Sessions? Cookies?
Thank you
>Solution :
The mechanism used to send data from the client to the server is irrelevant. POST or otherwise, the risks are the same.
There are two classes of people you might care about changing data being sent from the browser to the server.
Third parties
e.g. A man in the middle attack intercepting the data and rewriting it. The defence against this is to use HTTPS and not plain HTTP.
The user of the browser
As far as web developers should be concerned, the user and the browser are one.
The browser is a piece of software completely under the control of the user.
If the user wants to change the data that their browser is sending to the server, then they can. There is nothing you can do about that.
You mentioned sessions.
A session can store data on the server, and then have it be retrieved in a subsequent request.
This allows you to prevent the user from changing data that originates on the server.
There is nothing you can do to stop them changing data that originates on the client.