On Mon, 10 Mar 2003, Dan Phiffer wrote: > Am I correct in my understanding that for a multi-select input, PHP requires > that the name attribute end with square brackets (i.e. <select > name="my_select[] multiple>") in order for the submission be handled > properly?
As far as I know, that is correct. I'd love to hear otherwise. > I know this is somewhat nit-picky, but this seems to unnecessarily expose > the underlying technology such that scanning the HTML source reveals that a > PHP script will ultimately parse the submission. Unless you're ashamed to be running php, or don't intend to be spending as much time on security as you should, why would this be an issue? If your app is well-written, the knowledge that it's implemented with php shouldn't benefit a potential attacker. You know what they say about security through obscurity... > I'm hoping there's some alternative technique I've missed... I guess you could use javascript to create/set individual hidden form fields for the items selected, but if the user has javascript disabled your form ceases to function. mh. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
