When a user clicks on my green button, I need Javascript to detect this and pass the $UserID and $ActivityID to the server to be stored in the database.
But what's the best way for JS to securely get this info and send it to the server? I've been hiding variables in the HTML:
HTML:
<div class="green-button">Add it</div>
<input type="hidden" class="u" value = " <?php $UserID ?> "/>
<input type="hidden" class="a" value = " <?php $ActivityID ?> "/>
jQuery:
jQuery('.green-button').click(function(event){
var $UserID = jQuery(this).siblings('input').hasClass('u').attr('value');
var $ActivityID = jQuery(this).siblings('input').hasClass('a').attr('value');
// rest of the code...
However, this doesn't seem secure. What if someone uses Firebug to change the HTML and then clicks on the button? Won't garbage be written into the dbase?
Thanks for the tips.