> There are many places (websites) wherein you can choose the country
> pulldown menu. This prevents somebody (somehow) from posting something
> illegal. Besides, if the values assigned are numbers (e.g. <option
> value="100">My Country</option>) then you can check whether the value
> is_numeric() or something. Or, even if it's a text field, perhaps you
> use some regex to make sure that you only accept certain characters.
> alphabet, etc.)
A drop down doesn't save you from validating what the user sent. Just
because your form has a drop down, it doesn't mean the one I re-create
on my page has one (while I'm spoofing HTTP_REFERRER, mind you). It may
have a text box so I can send you any value.
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php