Re: [PHP] Server-side encryption to prevent form hacking: new idea?

2009-12-12 Thread AmirBehzad Eslami
Suppose you have the following array: *<?php $cities = array("Tehran", "Isfahan", "Tabriz"); ?>* which is used to generate the following Select: *<select name="city"> <option value="Tehran">Tehran</option> <option value="Isfahan">Isfahan</option> <option value="Tabriz">Tabriz</option> </select>* You can check

Re: [PHP] Server-side encryption to prevent form hacking: new idea?

2009-12-12 Thread tedd
At 1:53 PM -0600 12/11/09, Kelly Jones wrote: -snip- Is this a new idea, or have people done this before? Not a new idea, nor one that is useful -- no offense meant. I can prevent form hacking by simply checking and scrubbing incoming data without resorting to encryption. Security

[PHP] Server-side encryption to prevent form hacking: new idea?

2009-12-11 Thread Kelly Jones
If you have an HTML form select field xyz with possible values apple, banana, and cucumber, anyone can easily set xyz to an arbitrary value. To prevent this, I create a hidden field code[xyz] with value: base64_encode(mcrypt_ecb(MCRYPT_RIJNDAEL_256, $salt, "apple,banana,cucumber", MCRYPT_ENCRYPT));

Re: [PHP] Server-side encryption to prevent form hacking: new idea?

2009-12-11 Thread Mattias Thorslund
Kelly Jones wrote: If you have an HTML form select field xyz with possible values apple, banana, and cucumber, anyone can easily set xyz to an arbitrary value. To prevent this, I create a hidden field code[xyz] with value: base64_encode(mcrypt_ecb(

Re: [PHP] Server-side encryption to prevent form hacking: new idea?

2009-12-11 Thread Michael Shadle
You don't necessarily need encryption, you could use digests instead and issue a use-once ticket as well. On Fri, Dec 11, 2009 at 12:29 PM, Mattias Thorslund matt...@thorslund.us wrote: Kelly Jones wrote: If you have an HTML form select field xyz with possible values apple, banana, and

Re: [PHP] Server-side encryption to prevent form hacking: new idea?

2009-12-11 Thread Andrew Ballard
On Fri, Dec 11, 2009 at 3:34 PM, Michael Shadle mike...@gmail.com wrote: On Fri, Dec 11, 2009 at 12:29 PM, Mattias Thorslund matt...@thorslund.us wrote: Kelly Jones wrote: If you have an HTML form select field xyz with possible values apple, banana, and cucumber, anyone can easily set xyz to