PHWinfo - Afficher un message - no empty form fields after submitting form

16/09/2007, 19h38

pepper.gabriela@gmail.com wrote:
>> You can't be sure that you'll get all the values from the form you
>> expect. Every data coming in from the client (POST, GET, ) can be
>> incomplete or manipulated.
>
>
>
> i'm in the classical little/medium site backend area sending data
> thorugh $_POST: what could cause incompleteness? Who could manipulate
> my data?
>

Anyone. For instance, I could post a form to your site which has
anything I want on it. That's a very common way hackers get into systems.

>
>
>> You just have to make sure that missing values don't lead to notices or
>> unexpected behaviour in your code.
>
>
>
> it is what I try to do and I'm not receiving any unexpected behavior
> at the moment :-)
>

And that means you'll never get it in the future? It's this very
thinking which leads to sites being hacked,

>
>
>>> I considered not using it because the PHP manual says it is not a good
>>> idea for $_GET, $_POST, etc.
>> Currently you're doing nearly the same.
>
>
>
> well, it's true... I couldn't find a better way, since I can't change
> the overall structure (so I can't but send data from A to B and
> viceversa)
>
>

Always validate your data.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

16/09/2007, 19h38	#18
Jerry Stuckle Messages: n/a Hébergeur:	Re: no empty form fields after submitting form pepper.gabriela@gmail.com wrote: >> You can't be sure that you'll get all the values from the form you >> expect. Every data coming in from the client (POST, GET, ) can be >> incomplete or manipulated. > > > > i'm in the classical little/medium site backend area sending data > thorugh $_POST: what could cause incompleteness? Who could manipulate > my data? > Anyone. For instance, I could post a form to your site which has anything I want on it. That's a very common way hackers get into systems. > > >> You just have to make sure that missing values don't lead to notices or >> unexpected behaviour in your code. > > > > it is what I try to do and I'm not receiving any unexpected behavior > at the moment :-) > And that means you'll never get it in the future? It's this very thinking which leads to sites being hacked, > > >>> I considered not using it because the PHP manual says it is not a good >>> idea for $_GET, $_POST, etc. >> Currently you're doing nearly the same. > > > > well, it's true... I couldn't find a better way, since I can't change > the overall structure (so I can't but send data from A to B and > viceversa) > > Always validate your data. -- ================== Remove the "x" from my email address Jerry Stuckle JDS Computer Training Corp. jstucklex@attglobal.net ==================