Help passing _POST Form Data PHP

I apologize in advance, I am a PHP noob!

I have form with some hidden fields. I need the values to POST to "submit_rma.php" so that they're not missing from the db--I need $qty, $estmate_id and $rma_type.

The rest of the fields are just displaying data for the user and are readonly. Currently I only get value from the qty text field.

Is there any easier way to pass these values? URL is out of the question due to security issues.

<form method="post" action="submit_rma.php";> 
<table>
   <tr>
      <td>
         Quantity
      </td>
      <td>
         <input type="text" name="qty" value="<?php echo $qty ?>" size="1"/><br/>
      </td>
   </tr>
   <tr>
      <td>
          Part #
      </td>
      <td>
         <input type="text" name="" value="<?php echo $model ?>" size="8" READONLY/><br/>
      </td>
   </tr>
   <tr>
      <td>
         Description
      </td>
      <td>
         <input type="text" name="" value="<?php echo $name_EN ?>" size="50" READONLY/><br/>
      </td>
   </tr>
   <tr>
      <td>
         Paid Date
      </td>
      <td>
         <input type="text" name="" value="<?php echo $sold_date ?>" size="6" READONLY/><br/>
      </td>
   </tr>
   <tr>
      <td>
         Amount Each
      </td>
      <td>
         <input type="text" name="" value="<?php echo $dealer_price ?>" size="8" READONLY/>
      </td>
   </tr>
</table>
         <input type="hidden" name="estmate_id" value="<?php echo $estmate_开发者_开发问答id ?>">
         <input type="hidden" name="rma_type" value="Short Shipped">
         <input type="submit" name="submit";">
</form>

Maybe use a hidden <INPUT>:

<input type="hidden" name="qty" value="<?= $qty ?>">

This won't show anything to the user. If you're unfamiliar, <?= x ?> is effectively equivalent to: <?php echo x; ?>.

However, this is a security problem, as an attacker could craft a fake request and put a different value into the field (sidestepping your page and doing the request directly). You should try and get the value some other way, such as through running the INSERT on page generation, then using an UPDATE on the POST, or something like that.

Am I pointing out the obvious to say that you forgot NAME attributes for all of the text boxes after "qty"? The values won't persist beyond this page if the names aren't there :-)