Jump to content

[SOLVED] Bypassing selects


Recommended Posts

I have a profile system which allows members to input info and save it to the database for there profile


A few fields are SELECTS




Favourite Music


So for instance


From (England, Scotland, Wales, Ireland)


THat works fine, but what happens if someone makes a html document and injects code




Then posts it to my php that excutes and writes to the database


In essance they can bypass the select I have and input what ever data they want


Whats the best way around that, I was going to use a SET in the database structure but one of the selects has about 90 options


Ideas guys?

Link to comment
Share on other sites

Im not bothered about them entering HTML etc, I just dont want them to be able to add there own content


I want them to only be able to select the cotent I have decided on via the drop down list where as some people are creating forms locally and posting them to my php for execution

Link to comment
Share on other sites

Simply check the posted vars against an array of valid options. eg;



  $valid = array('foo','bar','bob');
  if (!in_array($valid,$_POST['options'])) {
    echo "option not valid";


Link to comment
Share on other sites

This thread is more than a year old. Are you sure you have something important to add to it?

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.