How to prevent users from inspecting a page and editing values of form elements?

Question

I have a simple drop down list of countries on a registration page this is an example:

<select id="country" name="reg_contry" class="form-control">
    <option value="Morocco" >Morocco</option>
    <option value="Algeria">Algeria</option>
    <option value="Egypt">Egypt</option>
</select>

The problem is that any user can edit this drop down list via a browser inspector and then submit the form with some fake values. For example, I don't have Germany in my list, but any user can add this country manually with the help of inspector element ( Ctrl+Shift+C )

So, how can I prevent this change? I don't want to use a condition in PHP because I have more than 100 countries, so can't verify all those countries.

Answer 1

You can't prevent the user from inspecting the website and editing the values. Anything coming from the user/clientside cannot be trusted, as it can all be manipulated in some way or another.

The only and proper way is validating it server-side, before inserting the data. Any data you submit to the database should always be verified server-side (clientside is fine in addition , but not instead of - as clientside validation can, like the HTML, be changed locally by the user).

$error = [];
if (!in_array($_POST['reg_contry'], ['Morocco', 'Algeria', 'Egypt']) {
    $error[] = 'An incorrect value for country was given';
}

if (empty($error)) {
    // Run your query and insert the data if there were no errors
}

Answer 2

You are able to actually block all right click options on a page. This will not stop them from actually going into the browser menu to access developer tools but it will make it very inconvenient for them. Create a unique page template just for the form page you are trying to block inspection and in the body tag add the following. Hope this helps.

<body oncontextmenu="return false;">