
Same name for form fields & database table fields?


I wrote a function to do INSERT queries for me, and it depends on that fact. It takes the $_POST variable names and INSERTs them into their corresponding columns.

As said in the comment on the OP, it doesn't matter, and in most cases, saves you time going back to remember if you used first_name, firstname, or first.

Also, keep in mind that your users will never see the database column names, and they will only see the form names if they view the source. Therefore, there's not much to worry about!

Good luck!
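A helper of the kind described in the answer above, written here as an added example and not the poster's own code: form field names are matched against an allowlist of columns and values are bound as parameters. The function name `insert_from_form`, the `users` table and its columns are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Build and run an INSERT from form data whose field names match column names.
 * Hypothetical helper: the name, the table and the column list are assumptions.
 */
function insert_from_form(PDO $pdo, string $table, array $allowedColumns, array $form): int
{
    // Keep only fields that are on the allowlist; any other key in the
    // request is dropped and never reaches the SQL text.
    $data = array_intersect_key($form, array_flip($allowedColumns));
    if ($data === []) {
        throw new InvalidArgumentException('no insertable fields in form data');
    }
    // Values must be scalars: a field sent as "name[]=x" arrives as an array.
    foreach ($data as $column => $value) {
        if (!is_scalar($value)) {
            throw new InvalidArgumentException("non-scalar value for $column");
        }
    }
    // Identifiers ($table, column names) come from our own code via the
    // allowlist; values are bound parameters, never concatenated.
    $columns = array_keys($data);
    $sql = sprintf(
        'INSERT INTO %s (%s) VALUES (%s)',
        $table,
        implode(', ', $columns),
        implode(', ', array_fill(0, count($columns), '?'))
    );
    $pdo->prepare($sql)->execute(array_values($data));
    return (int) $pdo->lastInsertId();
}

// Constructed demo: in-memory SQLite table and a made-up form submission.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, first_name TEXT,
            email TEXT, is_admin INTEGER DEFAULT 0)');

$post = [                       // stands in for $_POST
    'first_name' => "O'Brien",  // quote is handled by parameter binding
    'email'      => 'ob@example.com',
    'is_admin'   => '1',        // not an offered field; dropped by the allowlist
];
$id = insert_from_form($pdo, 'users', ['first_name', 'email'], $post);
$row = $pdo->query('SELECT first_name, email, is_admin FROM users')->fetch(PDO::FETCH_ASSOC);
var_dump($row);
```

The allowlist is what lets form names and column names match without the request deciding which columns get written.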


I think this can help you reduce the coding you need to do. Even though it looks like a vulnerability, the most important thing is to check the values coming from the users for malicious data. I don't think it could be harmful, since knowing which DB fields you are using doesn't give much to the hackers. They still need to hack into the DB server to access your data.


The names should be readable enough for you to read, and yet "unpredictable" (for lack of a better term) enough that an attacker is not able to guess the private parts.

Form names don't really matter, but a good name for a password field would be the_users_password or passphrase_for_account.