> -----Original Message-----
> From: John Holmes [mailto:[EMAIL PROTECTED] 
> Sent: 22 September 2004 16:39
> 
> From: "Ford, Mike" <[EMAIL PROTECTED]>
> >>    if (is_array($_POST['state'])){
> >
> > This check isn't really necessary in PHP, since 
> $_POST['state'] will 
> > *always* be an array if the form field has NAME='state[]', even if 
> > only 1 is selected.
> 
> But remember that the form comes from the client. Just 
> because you create 
> the form with "state[]", that doesn't mean I'm going to send 
> it that way. ;)

Yeah, true -- I have a very bad tendency to forget about security considerations like 
that until someone reminds me (often a posting on this list does it ;).  Just because 
I have a well-defined set of well-behaved users...!!

Cheers!

Mike

---------------------------------------------------------------------
Mike Ford,  Electronic Information Services Adviser,
Learning Support Services, Learning & Information Services, JG125, James Graham 
Building, Leeds Metropolitan University, Headingley Campus, LEEDS,  LS6 3QS,  United 
Kingdom
Email: [EMAIL PROTECTED]
Tel: +44 113 283 2600 extn 4730      Fax:  +44 113 283 3211

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to