In my form, I ask "How many accessories?" and then have an input box. Just for the heck of it I hit the 9 key and held it for a second. When I submitted it the page was crunching for over a minute, so I finally used Task Manager and closed the browser.
So I set the max length to 2; if they have more than 10 accessories there is something fishy anyways, so I have a limit of 99. Is my solution safe enough or can my form be easily exploited?
Code:
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<form action="test_form.php" method="post">
<input type="text" name="field_count" size="2" maxlength="2" value="<?php echo $_POST['field_count']; ?>">
<input name="submit" value="Go" type="submit" onClick="document.add_marginworksheet.submit()">
<table>
<?PHP
$field_count = $_POST['field_count'];
for($i= 1;$i <= $field_count;++$i)
{
echo "
<tr>
<td align=left width=90>Model:<br><input type=text size=10 name=\"model_$i\" value=\"".$_POST['model_'.$i]."\"></td>
<td align=left width=90>Description:<br><input type=text size=10 name=\"description_$i\" value=\"".$_POST['description_'.$i]."\"></td>
<td align=right width=90>Price:<br><input type=text size=10 name=\"price_$i\" value=\"".$_POST['price_'.$i]."\"></td>
</tr> ";
};
?>
</table>
<input type="submit" value="submit" name="Submit">
</form>
</body>
</html>
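An added example, not part of the original post: `maxlength` is enforced only by the browser, so the script that receives the POST has to bound `field_count` itself before looping. This sketch applies the post's limit of 99 on the server and escapes the values it echoes back; `MAX_ACCESSORIES`, `accessory_count`, `field_value` and `render_rows` are names assumed here.

```php
<?php
// Added example, not the poster's code. MAX_ACCESSORIES and the three
// function names are assumptions made for this sketch.
const MAX_ACCESSORIES = 99;

// Row count in 0..MAX_ACCESSORIES, whatever the request actually contains.
function accessory_count(array $post): int
{
    $n = filter_var(
        $post['field_count'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => MAX_ACCESSORIES]]
    );
    // Missing, non-numeric, array, negative or oversized input: no rows.
    return is_int($n) ? $n : 0;
}

// Submitted value escaped for a double-quoted HTML attribute; the charset
// matches the page's declared iso-8859-1.
function field_value(array $post, string $name): string
{
    $v = $post[$name] ?? '';
    return is_string($v) ? htmlspecialchars($v, ENT_QUOTES, 'ISO-8859-1') : '';
}

function render_rows(array $post): string
{
    $labels = ['model' => 'Model', 'description' => 'Description', 'price' => 'Price'];
    $html = '';
    $count = accessory_count($post);
    for ($i = 1; $i <= $count; ++$i) {
        $html .= "<tr>\n";
        foreach ($labels as $key => $label) {
            $value = field_value($post, "{$key}_{$i}");
            $html .= "<td width=\"90\">{$label}:<br><input type=\"text\" size=\"10\""
                   . " name=\"{$key}_{$i}\" value=\"{$value}\"></td>\n";
        }
        $html .= "</tr>\n";
    }
    return $html;
}

// Constructed sample requests: an oversized count, then one valid row
// whose value contains characters that need escaping.
echo render_rows(['field_count' => '999999999']);
echo render_rows(['field_count' => '1', 'model_1' => 'A&B "deluxe"']);
```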