brent123456 Posted October 11, 2007 Share Posted October 11, 2007 I am having my site tested for security and one of the problems was being able to edit the drop down boxes with arbitray values I was wondering if someone could help me understand how to prevent this. Thanks. Link to comment https://forums.phpfreaks.com/topic/72834-changing-the-value-of-a-drop-down-box/ Share on other sites More sharing options...
micah1701 Posted October 11, 2007 Share Posted October 11, 2007 perhaps you could show the code or at least better explain the problem. Link to comment https://forums.phpfreaks.com/topic/72834-changing-the-value-of-a-drop-down-box/#findComment-367320 Share on other sites More sharing options...
marcus Posted October 11, 2007 Share Posted October 11, 2007 When posting the form check to see if the value of the selection is one of the valid ones. So if you're using a SQL query: $sel = $_POST['sel']; if($sel){ $sql = "SELECT * FROM `table` WHERE `this`='$sel'"; $res = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($res) == 0){ echo "Doesn't exist"; }else { echo "Exists"; } } Link to comment https://forums.phpfreaks.com/topic/72834-changing-the-value-of-a-drop-down-box/#findComment-367322 Share on other sites More sharing options...
brent123456 Posted October 11, 2007 Author Share Posted October 11, 2007 That is excellent advice. Thank you. Link to comment https://forums.phpfreaks.com/topic/72834-changing-the-value-of-a-drop-down-box/#findComment-367346 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.