RE: [PHP] Security: Forms and displaying invalid data

2004-10-30 Thread Graham Cossey
> -Original Message-
> From: rjc [mailto:[EMAIL PROTECTED]
> Sent: 30 October 2004 23:35
> To: [EMAIL PROTECTED]
> Subject: [PHP] Security: Forms and displaying invalid data
>
>
> I have a form, that takes user input, and was wondering what are your
> thoughts of redisplaying user input back on the page after validation
> has failed.
>
[snip]
>
> Some options that I have come up with are:
> 1. Displaying previous data (or empty field) for example if user is
> editing something.
> 2. Just displaying exactly what they entered again on the screen.
> 3. Stripping out certain undesirable characters before displaying.

Personally I get really pd off when a form errors and does not return
any of my original entries, especially the larger ones. However, I
understand not re-displaying any 'sensitive' entries such as passwords,
security phrases etc. as they can aid the 'hackers'.

I would not strip out anything you won't accept as you could be giving clues
to the unscrupulous users as to what you will and won't accept.

Graham

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Security: Forms and displaying invalid data

2004-10-30 Thread rjc
I have a form, that takes user input, and was wondering what are your 
thoughts of redisplaying user input back on the page after validation 
has failed.

Eg. they have to enter a date in format: '-mm-dd'
and they enter: . etc. or anything for that matter.
Although that would prob be too long for the field, but you get the idea.
How do other people out there tend to handle this? As it only affects 
the user that posts the data if anything is malicious.

Some options that I have come up with are:
1. Displaying previous data (or empty field) for example if user is 
editing something.
2. Just displaying exactly what they entered again on the screen.
3. Stripping out certain undesirable characters before displaying.

Thanks,
Rob
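Added example (not code from either poster) showing option 2 from Rob's list combined with Graham's advice: the failed input is echoed back unchanged except for HTML escaping, nothing is stripped, and the password field is never re-populated. It assumes the date format is YYYY-MM-DD and that the form fields are named "event_date" and "password".

```php
<?php
// Added example (not from the thread): a form handler that re-displays
// invalid input safely. Assumptions: the date format is YYYY-MM-DD and
// the form has fields "event_date" and "password".

/** Validate a YYYY-MM-DD date; returns true only for a real calendar date. */
function is_valid_date(string $value): bool
{
    if (!preg_match('/^(\d{4})-(\d{2})-(\d{2})$/', $value, $m)) {
        return false;
    }
    return checkdate((int)$m[2], (int)$m[3], (int)$m[1]);
}

/** Escape a value for use inside an HTML attribute or text node. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$errors = [];
$date   = $_POST['event_date'] ?? '';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!is_valid_date($date)) {
        $errors[] = 'Date must be in the form YYYY-MM-DD.';
    }
    if (($_POST['password'] ?? '') === '') {
        $errors[] = 'Password is required.';
    }
}

if ($errors) {
    echo '<ul class="errors">';
    foreach ($errors as $e) {
        echo '<li>' . h($e) . '</li>';
    }
    echo '</ul>';
}
?>
<form method="post" action="">
  <!-- Option 2 from the thread: echo exactly what was entered, but escaped.
       Escaping changes nothing the user sees and strips nothing, so it gives
       no hint about which characters the validator rejects. -->
  <label>Date <input type="text" name="event_date" value="<?= h($date) ?>"></label>
  <!-- Sensitive fields are never re-populated. -->
  <label>Password <input type="password" name="password" value=""></label>
  <button type="submit">Save</button>
</form>
```

Escaping on output is what keeps a re-displayed value from being interpreted as markup; it is independent of, and does not replace, the validation that decides whether the value is accepted.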