
[SOLVED] Bypassing selects


jaymc


I have a profile system which allows members to input info and save it to the database for their profile.

A few fields are SELECTs:

From

Sexuality

Favourite Music

So for instance:

From (England, Scotland, Wales, Ireland)

That works fine, but what happens if someone makes an HTML document and injects code

<OPTION>HACK HAHA</OPTION>

then posts it to my PHP that executes and writes to the database?

In essence they can bypass the select I have and input whatever data they want.

What's the best way around that? I was going to use a SET in the database structure, but one of the selects has about 90 options.

Ideas guys?


I'm not bothered about them entering HTML etc., I just don't want them to be able to add their own content.

I want them to only be able to select the content I have decided on via the drop-down list, whereas some people are creating forms locally and posting them to my PHP for execution.


Simply check the posted vars against an array of valid options, e.g.:

 

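<?php

  // Server-side list of the values offered in the <select>
  $valid = array('foo','bar','bob');
  // in_array() takes the needle first, then the haystack; true enables strict comparison
  if (!isset($_POST['options']) || !in_array($_POST['options'], $valid, true)) {
    echo "option not valid";
  }

?>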

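The check suggested above, extended to several profile fields, as an added example that is not part of the original thread: one allow-list per field drives both the rendered `<select>` and the server-side validation, so a hand-made form cannot introduce new values. The field names `from` and `music`, the music options and the sample inputs are assumptions.

```php
<?php
// Added example: one allow-list per profile field (field names and music options are assumed).
const PROFILE_OPTIONS = [
    'from'  => ['England', 'Scotland', 'Wales', 'Ireland'],
    'music' => ['Rock', 'Pop', 'Dance'],
];

// Render a <select> from the same list the validator uses, so the two cannot drift apart.
function render_select(string $field): string
{
    $html = '<select name="' . htmlspecialchars($field) . '">';
    foreach (PROFILE_OPTIONS[$field] as $option) {
        $safe = htmlspecialchars($option);
        $html .= "<option value=\"$safe\">$safe</option>";
    }
    return $html . '</select>';
}

// Return [clean values, names of rejected fields]. Unlisted values are never passed on.
function validate_profile(array $post): array
{
    $clean = [];
    $errors = [];
    foreach (PROFILE_OPTIONS as $field => $allowed) {
        $value = $post[$field] ?? null;
        // A crafted form can send music[]=x, which arrives as an array; require a string.
        if (!is_string($value) || !in_array($value, $allowed, true)) {
            $errors[] = $field;
            continue;
        }
        $clean[$field] = $value;
    }
    return [$clean, $errors];
}

// Constructed sample inputs standing in for $_POST.
$forged = ['from' => 'HACK HAHA', 'music' => ['Rock']]; // posted from a local form
$honest = ['from' => 'Wales', 'music' => 'Rock'];       // posted from the real page

echo render_select('from'), "\n";
foreach (['forged' => $forged, 'honest' => $honest] as $label => $post) {
    [$clean, $errors] = validate_profile($post);
    echo $label, ': accepted=', json_encode($clean), ' rejected=', json_encode($errors), "\n";
}
```

Only the values in `$clean` should be passed to the code that writes the profile to the database.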
