Hi,
Thursday, June 12, 2003, 12:25:05 AM, you wrote:
AH> For example, I have a form with a dropdown selection as shown below.
AH> <FORM action="action.php">
AH> <SELECT name="total">
AH> <OPTION>1</OPTION>
AH> <OPTION>2</OPTION>
AH> <OPTION>3</OPTION>
AH> <OPTION>4</OPTION>
AH> <OPTION>5</OPTION>
AH> </SELECT>
AH> </FORM>
AH> Just say I have a function to generate form fields based on the total variable from above... so
AH> function generate($total){
AH> for ($i = 1; $i <= $total; $i++) {
AH> print "<input type=\"text\" name=\"$total\">\n";
AH> }
AH> }
AH> how do you prevent someone modifying querystring like:
AH> page.php?total=100 and hitting ENTER
AH> Now rather than 5 options you have 120 options...
AH> How do you tackle this problem??
AH> any suggestion?
AH> Thanks
AH> Awlad
Encrypt the values and it becomes impossible to fox.
<SELECT name="total">
<OPTION value="<?php echo encode(1); ?>">1</OPTION>
<OPTION value="<?php echo encode(2); ?>">2</OPTION>
<OPTION value="<?php echo encode(3); ?>">3</OPTION>
<OPTION value="<?php echo encode(4); ?>">4</OPTION>
<OPTION value="<?php echo encode(5); ?>">5</OPTION>
</SELECT>
Then decode the posted values, and if they are not a number or are outside
the range, abort and try again.
(You will have to write the encode/decode functions using mcrypt (slow
on a lot of values) or your own system.)
--
regards,
Tom
--
PHP General Mailing List (http://www.php.net/)
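
Tom's encode/decode idea, as an added example that is not part of the original thread: it signs each option value with an HMAC instead of encrypting it with mcrypt, then applies the range check on the server. `SECRET_KEY`, `MIN_TOTAL`, `MAX_TOTAL` and the `field$i` input names are assumptions.

```php
<?php
// Added example, not from the original thread. SECRET_KEY, MIN_TOTAL and
// MAX_TOTAL are assumed names; load the key from server-side configuration.
const SECRET_KEY = 'replace-with-a-random-server-side-secret'; // placeholder
const MIN_TOTAL  = 1;
const MAX_TOTAL  = 5;

// encode(): emit "value.mac" so the server can detect a modified value.
function encode(int $value): string
{
    return $value . '.' . hash_hmac('sha256', (string) $value, SECRET_KEY);
}

// decode(): return the integer if the MAC verifies and the value is in
// range, otherwise null.
function decode($token): ?int
{
    if (!is_string($token) || substr_count($token, '.') !== 1) {
        return null;
    }
    [$value, $mac] = explode('.', $token);
    $expected = hash_hmac('sha256', $value, SECRET_KEY);
    if (!hash_equals($expected, $mac)) {   // constant-time comparison
        return null;
    }
    $int = filter_var($value, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => MIN_TOTAL, 'max_range' => MAX_TOTAL],
    ]);
    return $int === false ? null : $int;
}

// The form-field generator from the question, with the loop bounded by
// a value that has already passed decode().
function generate(int $total): void
{
    for ($i = 1; $i <= $total; $i++) {
        print "<input type=\"text\" name=\"field$i\">\n";
    }
}

// Constructed requests: a genuine token, a tampered one, and a raw number.
$samples = [encode(3), '100.' . substr(encode(3), 2), '100'];
foreach ($samples as $token) {
    $total = decode($token);
    if ($total === null) {
        print "rejected: " . htmlspecialchars($token) . "\n";
        continue;
    }
    generate($total);
}
```

Since only 1 to 5 are ever legitimate here, the range check in `decode()` is what bounds the loop; the MAC only shows that the value came from the server's own form.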