Whenever you are passing data around either in hidden form fields or cookies, it is a good idea to sign it to make sure you get back exactly what you generated.

Generating the Hash
<form action="action.php" method="POST">
<input type="hidden" name="H[name]" value="<?php echo $Oname?>"/>
<input type="hidden" name="H[age]" value="<?php echo $Oage?>"/>
<?php $sign md5('name'.$Oname.'age'.$Oage.$secret); ?>
<input type="hidden" name="hash" value="<?php echo $sign?>"" />
</form>
Validating the Hash
<?php
$str 
"";
foreach(
$_POST['H'] as $key=>$value) {
  
$str .= $key.$value;
}
if(
$_POST['hash'] != md5($str.$secret)) {
  echo 
"Hidden form data modified"; exit;
}
?>