The Experiment
As a standard practice, we include the drag and drop user_id field on every form we build. Having the data in frm_item_metas makes user id related queries easier.
We just ran an experiment on our development server to see what Formidable does with user_id values. This is the experiment:
- Added user_id to catchall play form.
- Previewed form in theme
- Opened browser inspection tool to examine user id field's HTML
The hidden user id field is cryptically displayed. You cannot know this is a user id variable without the field id number. Look for name="item_meta[1462]" where the 1462 is the id of your form's user_id field.
- Change the value="1" data-frmval="1" to different numbers. Permutations:
- value="3" data-frmval="3"
- value="3" data-frmval="1"
- value="1" data-frmval="3"
- Examine frm_items and frm_item_metas in PHPMyAdmin and compare user id fields.
- Submit entry
Results:
In each of three experiments testing permutations of the value and data-frmval combination, the outcome was the same. The user_id field in frm_items and the user_id meta field are identical. Formidable used the fake id number submitted as a test. There is no WordPress user id corresponding to the number submitted in the test. Formidable does not appear to validate the user id against the WordPress user table.
Leave a Reply