How did user bypass select option in my site's item entry?

[floridaflatlander]

A php freak came into my site and did some testing for me and entered an item without a category, categories are 1 or greater than 1 and he entered a category of 0.

 

I have since placed a query in the code to check the values of the categories entered but I was wondering how he did it, so I ask the question in the title.

How did a user bypass the select option?

 

[mac_gyver]

all external data can be anything that someone or a bot script chooses to submit, cannot be trusted, and must be validated to insure it is an expected value or within an expected range of values.

 

someone or a bot script doesn't need your form at all in order to submit data to your form processing code.

[Ch0cu3r]

This most probably happened due to poor validation. You are not checking to make sure that the category is valid before inserting your record into to the database.

[JIXO]

For answering how, there are many ways to manipulate a post request.

 

If you've FireFox installed, download Tamper Data extension and see for your self, its simple enough.

[floridaflatlander]

Thanks all