Hi Bob, I must have missed this before - good ol' Yahoo! I've googled for different variations of what you suggest, but am getting lost in the new terminology ;-(
What do others here use to make their forms safe please? Is anyone able to give a brief start?

Form: http://www.130605.com/8
Code: http://www.130605.com/8.phps

Chris.

--- In [email protected], "Bob" <[EMAIL PROTECTED]> wrote:
>
> Hi Chris,
> No, it's not safe yet.
> Before you get into validating the data, using extract($_POST); is dangerous as it is. It allows variables to be guessed, then sent to your page.
>
> You could use extract($_POST, EXTR_IF_EXISTS);
> after previously setting all the variables you are letting through.
> Some set these to $name="";
> I read an article somewhere that you should give it a value, like $name="X";
> Not sure why it would make a difference though?
>
> Some say that a list of $name=$_POST['name']; etc is best, as this makes it easy to see what variables are being used, especially for someone updating the page later.
>
> You can extract $_POST variables in a function, but it would be best for you to start simple.
> To strip tags, you would use $name=strip_tags($name);
> or
> $message = strip_tags($_POST['message']);
>
> There isn't a "one fix" piece of code that will suit everyone.
> You need to Google for a tutorial on using a form with php, or something like that.
> Bob.
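Added example, not part of the thread above and not code from Chris's page: the three ways of importing form fields that Bob's reply mentions, run side by side on a constructed array standing in for `$_POST`. The function names and the `is_admin` key are hypothetical, chosen only for illustration.

```php
<?php
// Constructed stand-in for $_POST: the two fields the form defines, plus one
// extra key that the form never sends (hypothetical name).
$post = [
    'name'     => ' Chris <b>Smith</b> ',
    'message'  => 'Hello <i>there</i>',
    'is_admin' => '1',
];

// 1) Bare extract(): every submitted key becomes a local variable, so the
//    extra key overwrites a variable the script relies on.
function unsafe_import(array $post): bool
{
    $is_admin = false;
    extract($post);                 // default mode is EXTR_OVERWRITE
    return (bool) $is_admin;        // value now comes from the request
}

// 2) EXTR_IF_EXISTS: only variables already defined in this scope are filled.
//    It still overwrites anything that IS defined here, so keep sensitive
//    variables out of the scope where extract() runs.
function if_exists_import(array $post): array
{
    $name = '';
    $message = '';
    extract($post, EXTR_IF_EXISTS);
    return ['name' => $name, 'message' => $message,
            'is_admin_created' => isset($is_admin)];
}

// 3) Explicit list: read only the named fields, reject non-strings, strip tags.
function explicit_import(array $post, array $fields): array
{
    $clean = [];
    foreach ($fields as $field) {
        $value = $post[$field] ?? '';
        $clean[$field] = is_string($value) ? trim(strip_tags($value)) : '';
    }
    return $clean;
}

var_dump(unsafe_import($post));
var_dump(if_exists_import($post));
$clean = explicit_import($post, ['name', 'message']);
// strip_tags() is input clean-up only; still escape when writing into HTML.
echo htmlspecialchars($clean['name'], ENT_QUOTES, 'UTF-8'), "\n";
```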
