I have an explore script. A character comes along and wants to trade with you.
So anyways the hidden data is the trader's id.
So
echo ' <form action="post">
<input type="hidden" name="traderid" value="'.$tid.'">
<input type="submit" name="trading" value="Trade">
</form> ';


thats what the form looks like.
With firefox's page editor add-ons, someone can change the id of the trader. Is there a secure way to pass this information?

There is a firefox add on for that? Very interesting... do you know the name of it?

There's a few.
Search results of it (https://addons.mozilla.org/en-US/firefox/search/?q=edit+page&cat=all)
Firebug and page hacker are popular ones.
I just now browsed upon cookie editor addons too..but I believe the sessions are hashed so its not too vulnerable
Edit cookies search (https://addons.mozilla.org/en-US/firefox/search/?q=edit+session&cat=all&x=0&y=0)
>.> I wonder if anything is safe with all these addons

Use sessions and / or a database.

Hidden fields should only be used for things which aren't of great significance if the user changes it for whatever reason. Also you should always check the input is what you expect when the data is submitted.

So should the session be made, and put into the form, then decoded? or is that unsafe.

How did you resolve it?

So should the session be made, and put into the form, then decoded? or is that unsafe.
No look up using session variables in PHP. You won't need to put in any extra data into the form.