TheFilmGod Posted January 27, 2011 Share Posted January 27, 2011 Is it necessary to validate data when let's say - adding a rating to the mysql via ajax? Is it possible for a hacker to send an ajax request via POST to begin with? Link to comment https://forums.phpfreaks.com/topic/225824-necessary-to-validate-post-data/ Share on other sites More sharing options...
l4nc3r Posted January 28, 2011 Share Posted January 28, 2011 Yeah, it is possible to hack with POST variables. Basically ANY information users submit to your site can be modified so as to hack. The way I prevent hacking with AJAX is I send a request to put some data in a database. If the data does not check out (after processing with a PHP script), I send back an <errormessage> node with a relevant error message. If it does check out, I send back a <success /> node. I wrote a pretty brief/general post on checking user input on my blog, you might find it useful: http://www.ironcoding.com/?p=37. Link to comment https://forums.phpfreaks.com/topic/225824-necessary-to-validate-post-data/#findComment-1166327 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.