> -----Original Message----- > From: John Holmes [mailto:[EMAIL PROTECTED] > Sent: 22 September 2004 16:39 > > From: "Ford, Mike" <[EMAIL PROTECTED]> > >> if (is_array($_POST['state'])){ > > > > This check isn't really necessary in PHP, since > $_POST['state'] will > > *always* be an array if the form field has NAME='state[]', even if > > only 1 is selected. > > But remember that the form comes from the client. Just > because you create > the form with "state[]", that doesn't mean I'm going to send > it that way. ;)
Yeah, true -- I have a very bad tendency to forget about security considerations like that until someone reminds me (often a posting on this list does it ;). Just because I have a well-defined set of well-behaved users...!! Cheers! Mike --------------------------------------------------------------------- Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning & Information Services, JG125, James Graham Building, Leeds Metropolitan University, Headingley Campus, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
