[thelist] $_POST string

Matthew Pulis mpulis at gmail.com
Thu Jun 3 06:44:58 CDT 2010


Obviously it is very good practice that you do not use client-supplied
variables straight in your script / database!!

Never insert into the database some data supplied by the client without
cleaning it / escaping it! Else you are really risking big time!

If you want to be paranoid you can also encode the $_POST



Matthew Pulis BSc. (Business and Computing) MSc. (Informatics)
web:   www.matthewpulis.info
mob:   +44 7866535953  / +356 79539404


On Thu, Jun 3, 2010 at 12:20 PM, Daniel Burke <dan.p.burke at gmail.com> wrote:

> As $_POST data is supplied by the client you can not prevent trickery.
>
> On 3 Jun 2010 07:05, "Bob Meetin" <bobm at dottedi.biz> wrote:
> > I am developing some php forms that require numerous arguments in the
> > $_POST string. This works fine. Is there anything that can be
> > reasonably done to not make all the ooohs and ahhhs display in the URL
> > address bar which might appear tempting to some viewers?
> >
> > Or perhaps better, what is a standard way to bullet-proof $_POST
> > variables to prevent trickery?
> >
> > -Bob
> > --
> >
> > * * Please support the community that supports you. * *
> > http://evolt.org/help_support_evolt/
> >
> > For unsubscribe and other options, including the Tip Harvester
> > and archives of thelist go to: http://lists.evolt.org
> > Workers of the Web, evolt !
>
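The advice in this thread, as an added example that is not part of the original messages: every expected $_POST field is checked server-side against an allow-list, and the insert uses PDO placeholders (a swapped-in alternative to manual escaping) so a legitimate value containing a quote is stored as data. The field names, table, and sample arrays are constructed for illustration, and the pdo_sqlite extension is assumed to be available.

```php
<?php
// Allow-list of expected fields; anything else in the request is dropped.
const RULES = [
    'email' => FILTER_VALIDATE_EMAIL,
    'age'   => ['filter'  => FILTER_VALIDATE_INT,
                'options' => ['min_range' => 0, 'max_range' => 150]],
    'name'  => ['filter'  => FILTER_VALIDATE_REGEXP,
                'options' => ['regexp' => "/^[\\p{L} .'-]{1,80}$/u"]],
];

function validate_post(array $post): array
{
    // Missing keys come back as null, failed validation as false.
    $clean = filter_var_array($post, RULES, true);
    $errors = [];
    foreach ($clean as $field => $value) {
        if ($value === null || $value === false) {
            $errors[] = $field;
        }
    }
    return [$clean, $errors];
}

function save_user(PDO $db, array $clean): void
{
    // Placeholders keep values out of the SQL text, so quotes in data stay data.
    $stmt = $db->prepare(
        'INSERT INTO users (email, age, name) VALUES (:email, :age, :name)');
    $stmt->execute([':email' => $clean['email'], ':age' => $clean['age'],
                    ':name' => $clean['name']]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT, age INTEGER, name TEXT)');

// Constructed stand-ins for $_POST: one well-formed, one tampered.
$samples = [
    ['email' => 'pat@example.com', 'age' => '42', 'name' => "Pat O'Brien",
     'is_admin' => '1'],
    ['email' => 'not-an-email', 'age' => '-5', 'name' => "x'); DROP TABLE users;--"],
];
foreach ($samples as $post) {
    [$clean, $errors] = validate_post($post);
    if ($errors) {
        echo 'rejected, invalid fields: ', implode(', ', $errors), PHP_EOL;
        continue;
    }
    save_user($db, $clean);
    echo 'stored: ', json_encode($clean), PHP_EOL;
}
```

The first sample shows why validation alone is not enough: "Pat O'Brien" is a valid name, and only the parameterized statement keeps its apostrophe from being read as SQL.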

