Do you validate drop down data when you do a form submit?
I do validiation on all the user input fields, name, address, email, etc..
but I have drop downs like STATE, COUNTRY, etc....
if you don't validate the data coming in from the drop downs is that a security risk? Can someone view source, change the option value to malicious code?
Verifying Drop Down Code?
Moderator: General Moderators
-
JPlush76
- Forum Regular
- Posts: 819
- Joined: Thu Aug 01, 2002 5:42 pm
- Location: Los Angeles, CA
- Contact:
basically I'm just doing some simple checking on the data coming in. Should I be a little more secure or do you think this is good enough?
I'm just really checking to make sure numbers and letters are submitted
Code: Select all
<?php
// Check the first name.
if (eregi ("^їa-z]+$", $_POSTї'f_first'])) {
$a = TRUE;
} else {
$a = FALSE;
$messageї] = "Please enter a first name that consists only of letters.";
}
// Check the last name.
if (eregi ("^їa-z]+$", $_POSTї'f_last'])) {
$b = TRUE;
} else {
$b = FALSE;
$messageї] = "Please enter a last name that consists only of letters.";
}
// Check the telephone
if (eregi ("^ї0-9]{10}$", $_POSTї'f_phone'])) {
$c = TRUE;
} else {
$c = FALSE;
$messageї] = "Please enter a phone number that consists only of numbers and is 10 numbers long.";
}
?>