Whenever you are passing data around either in hidden form fields or cookies, it is a good idea to sign it to make sure you get back exactly what you generated.

Generating the Hash
<form action="action.php" method="POST">
<input type="hidden" name="H[name]" value="<?php echo $Oname?>"/>
<input type="hidden" name="H[age]" value="<?php echo $Oage?>"/>
<?php $sign md5('name'.$Oname.'age'.$Oage.$secret); ?>
<input type="hidden" name="hash" value="<?php echo $sign?>"" />
</form>
Validating the Hash
<?php
$str "";
foreach($_POST['H'] as $key=>$value) {
  $str .= $key.$value;
}
if($_POST['hash'] != md5($str.$secret)) {
  echo "Hidden form data modified"; exit;
}
?>