Is it considered bad practice to give HTML form fields the same names as table field names? I am creating some dynamic SQL insert queries, and I'm currently using some sort of regex to change the names to the corresponding fields of the database because I feel it might be unsafe otherwise. What are your opinions?
I wrote a function to execute INSERT queries for me, and it depends on this fact. It accepts the names of the $_POST variables and INSERTs into the appropriate columns.
OP, , , , first_name, firstname, first.
Names should be readable enough, and yet “unpredictable” (for lack of a better term) enough that an attacker could not guess the private parts.
Names do not really matter, but the_users_password either is a good name for the password field passphrase_for_account.
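One way to write the INSERT helper discussed in the question and the first answer so that form field names can match column names while the request never decides which identifiers reach the SQL text. This is an added example, not code from any poster; the users table, its columns, USER_COLUMNS and insertFromForm are hypothetical, and it assumes PHP with the pdo_sqlite extension.

```php
<?php
// Added example: allowlist-driven INSERT builder (names are assumptions).

// Form field name => column name. Only keys listed here can reach the SQL text.
const USER_COLUMNS = [
    'first_name' => 'first_name',
    'last_name'  => 'last_name',
    'email'      => 'email',
];

function insertFromForm(PDO $pdo, string $table, array $allowed, array $form): int
{
    // Keep only allowlisted fields; any other request key is dropped.
    $fields = array_intersect_key($form, $allowed);
    if ($fields === []) {
        throw new InvalidArgumentException('no recognised fields submitted');
    }
    $columns = [];
    $values = [];
    foreach ($fields as $name => $value) {
        if (!is_string($value)) { // rejects array input such as first_name[]=x
            throw new InvalidArgumentException("field $name must be a string");
        }
        $columns[] = $allowed[$name]; // identifier comes from the constant, not the request
        $values[] = $value;           // value is bound, never concatenated
    }
    $sql = sprintf(
        'INSERT INTO %s (%s) VALUES (%s)',
        $table, // fixed by the calling code, never taken from the request
        implode(', ', $columns),
        implode(', ', array_fill(0, count($columns), '?'))
    );
    $pdo->prepare($sql)->execute($values);
    return (int) $pdo->lastInsertId();
}

// Constructed request data: is_admin is a real column but not an allowed form field.
$post = ['first_name' => "O'Brien", 'email' => 'pat@example.com', 'is_admin' => '1'];

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, first_name TEXT,
            last_name TEXT, email TEXT, is_admin INTEGER DEFAULT 0)');
$id = insertFromForm($pdo, 'users', USER_COLUMNS, $post);
var_dump($pdo->query("SELECT * FROM users WHERE id = $id")->fetch(PDO::FETCH_ASSOC));
```

With this shape the safety comes from the allowlist and the bound parameters, so whether the form names equal the column names or differ from them does not change what a request can write.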