True. That's why I said:

> > then you can check whether the value
> > is_numeric() or something.

I think this narrows down what you're checking. So, if you send me "any value" my script would just reject it. Besides, this is just a hint--there are many ways to validate. Of course, you know that... :)

> > Or, even if it's a text field, perhaps you can
> > use some regex to make sure that you only accept certain characters.
> > (i.e. alphabet, etc.)

;)

- E

"John W. Holmes" <[EMAIL PROTECTED]> wrote:
> [snip]
> > There are many places (websites) wherein you can choose the country from a
> > pulldown menu. This prevents somebody (somehow) from posting something
> > illegal. Besides, if the values assigned are numbers (e.g. <option
> > value="100">My Country</option>) then you can check whether the value
> > is_numeric() or something. Or, even if it's a text field, perhaps you can
> > use some regex to make sure that you only accept certain characters. (i.e.
> > alphabet, etc.)
>
> A drop down doesn't save you from validating what the user sent. Just
> because your form has a drop down, it doesn't mean the one I re-create
> on my page has one (while I'm spoofing HTTP_REFERRER, mind you). It may
> have a text box so I can send you any value.
>
> ---John Holmes..
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
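
An added example, not code from either poster: server-side validation of the drop-down value discussed in this thread, comparing `is_numeric()` with a stricter digits-only check plus an allowlist lookup. The field values, the `COUNTRIES` table and the `validate_country_id()` helper are hypothetical names chosen for illustration.

```php
<?php
// Constructed allowlist: the same ids the form's <option value="..."> tags emit.
const COUNTRIES = [
    '100' => 'My Country',
    '101' => 'Another Country',
];

/**
 * Return the submitted country id when it is one of the options the form
 * offered, or null otherwise. (Hypothetical helper for this example.)
 */
function validate_country_id($raw): ?string
{
    // A client can send country[]=100, which arrives as an array; reject it.
    if (!is_string($raw)) {
        return null;
    }
    // ctype_digit() accepts only one or more of 0-9. is_numeric() is looser:
    // it also accepts "1e2", "100.0" and " 100".
    if (!ctype_digit($raw)) {
        return null;
    }
    // Format alone is not enough: "999" is all digits but was never offered.
    return array_key_exists($raw, COUNTRIES) ? $raw : null;
}

// Constructed inputs standing in for what a re-created form could post.
$samples = ['100', '1e2', '100.0', ' 100', '999', 'any value', ['100']];

foreach ($samples as $s) {
    $shown    = is_array($s) ? 'array' : var_export($s, true);
    $accepted = validate_country_id($s);
    printf(
        "%-12s is_numeric=%-5s accepted=%s\n",
        $shown,
        var_export(is_numeric($s), true),
        $accepted === null ? 'no' : $accepted
    );
}
```

The check depends only on the request data, so it behaves the same whether the value came from the original drop-down or from a text box on a copied form.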