Hi,
Thursday, June 12, 2003, 12:25:05 AM, you wrote:
AH> for example i have form with a dropdown selection as shown below.
AH>
AH>
AH> 1
AH> 2
AH> 3
AH> 4
AH> 5
AH>
AH>
AH> Just say I have a function to generate form fields based on the total variable
from above... so
AH> function gen
At 16:43 11-6-03, you wrote:
Thanks for your recommendations, what if they use page.php?$_POST[$total]?
$_POST is made by PHP and you can rely on it to be safe for such tricks,
especially because your trick will not even work with normal arrays.
instead of $toal?? wouldn't the outcome be the sam
ginal Message -
From: "Chris Hayes" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, June 11, 2003 3:34 PM
Subject: Re: [PHP] prevent modifying querystring
> 1st step: read out form results from $_POST['total'] (possible since PHP
> 4.10),
1st step: read out form results from $_POST['total'] (possible since PHP
4.10), not from $total. Variables added to the url will not be in the
$_POST array but in $_GET.
When reading the form result, make sure the referering page is from your
own site, or else they can simply make their own fo
for example i have form with a dropdown selection as shown below.
1
2
3
4
5
Just say I have a function to generate form fields based on the total variable from
above... so
function generate($total){
for ($total = 1; $i <= $total; $i++) {
print "\n";
}
}
how do you prevent someone
5 matches
Mail list logo
