On 12/08/2016 08:51, Lester Caine wrote:
From a practical point of view of cause, the validation of inputs may well be done in the browser so that the constraints get passed TO some html5 check, or javascript function. So having uploaded the form one COULD simply tag a variable as valid?
Just a reminder to you and anyone else reading: NEVER TRUST USER INPUT. You can add all the JS in the world to your forms, but a user can always ignore that and craft their own input with whatever data they like in it.
-- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
