Field code in the value attribute of the option

4

I have a CategoriaCNH table with the following fields: CodCategoriaCNH and Descricao.

I have this HTML snippet:

<select name="categoriaCnh">
    <option value="" disabled selected>CNH</option>
    @foreach($categoriaCnh as $cat)
        <option value="{{ $cat->CodCategoriaCNH }}">{{ $cat->Descricao }}</option>
    @endforeach
</select>

In the value attribute of the option I am setting the CodCategoriaCNH that comes from my CategoriaCNH table.

The question is:

Considering security:

Is it advisable to put CodCategoriaCNH directly into the value attribute?

Or, ideally, should the value attribute hold the value of the Descricao column, and should I recover CodCategoriaCNH in the back end?

asked by anonymous 24.05.2016 / 03:53

1 answer

3

On the one hand,

I think it's safer the current way, as represented in your sample code, since only the query result is being shown.

If you try to retrieve the value later, when the form is submitted, then it may have security problems, as users can pass new values in the select to be consulted later.

The query that is currently

select CodCategoriaCNH from Table group by CodCategoriaCNH

would be

select Descricao from Table group by Descricao

Then it would be submitted to the database back end again, where you would take the description and do:

select top (1) CodCategoriaCNH from Table where Descricao = :descricao

As you can see in the last query, Laravel uses PDO for the basic database functions, so all security precautions are taken in the queries, without any problem reported so far.

On the other hand,

I know that Laravel has the security implementations and good practices needed to create robust and secure applications, so the way it's used is up to the developer, and it's recommended to follow the framework's documentation. In addition, making a second query to the database would be more tiring and laborious both for the developer (you, OP!) and for the database (memory and processing time).

But this is only one of the points to be considered, so this "answer" is not exhaustive or even conclusive.

24.05.2016 / 04:29
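An added example (not from the question or the answer) of the point the answer makes: whatever the value attribute holds, the client can submit any string, so the back end has to check the submitted code against the table before using it. It uses plain PDO with an in-memory SQLite table and constructed rows standing in for CategoriaCNH; in Laravel the same check is the `exists:CategoriaCNH,CodCategoriaCNH` validation rule.

```php
<?php
// Constructed sample table standing in for CategoriaCNH (not the OP's data).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE CategoriaCNH (CodCategoriaCNH TEXT PRIMARY KEY, Descricao TEXT NOT NULL)');
$ins = $pdo->prepare('INSERT INTO CategoriaCNH (CodCategoriaCNH, Descricao) VALUES (?, ?)');
foreach ([['A', 'Motos'], ['B', 'Carros'], ['AB', 'Motos e carros']] as $row) {
    $ins->execute($row);
}

// Rendering: the same rows the Blade @foreach iterates over. The code goes into
// the value attribute and the description into the visible text; both are
// escaped, as Blade's {{ }} does, so a description cannot break out of the tag.
function renderOptions(PDO $pdo): string
{
    $html = '<option value="" disabled selected>CNH</option>' . PHP_EOL;
    $rows = $pdo->query('SELECT CodCategoriaCNH, Descricao FROM CategoriaCNH ORDER BY CodCategoriaCNH');
    foreach ($rows as $cat) {
        $html .= sprintf(
            '<option value="%s">%s</option>%s',
            htmlspecialchars($cat['CodCategoriaCNH'], ENT_QUOTES, 'UTF-8'),
            htmlspecialchars($cat['Descricao'], ENT_QUOTES, 'UTF-8'),
            PHP_EOL
        );
    }
    return $html;
}

// Submission: the posted categoriaCnh is untrusted input. Accept it only if it
// is a non-empty string (a client can also post categoriaCnh[]=A, which PHP
// decodes as an array) and the code exists in the table; the lookup is a
// prepared statement, so the submitted text is never spliced into the SQL.
function validateCategoria(PDO $pdo, $submitted): ?string
{
    if (!is_string($submitted) || $submitted === '') {
        return null;
    }
    $stmt = $pdo->prepare('SELECT CodCategoriaCNH FROM CategoriaCNH WHERE CodCategoriaCNH = :cod');
    $stmt->execute([':cod' => $submitted]);
    $cod = $stmt->fetchColumn();
    return $cod === false ? null : $cod;
}

echo renderOptions($pdo);
// 'B' is a real code and is accepted; the tampered and malformed values are rejected.
foreach (['B', 'Z', '', ['A']] as $input) {
    var_dump(validateCategoria($pdo, $input));
}
```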