Re: [PHP] Server-side encryption to prevent form hacking: new idea?

2009-12-12 Thread tedd
At 1:53 PM -0600 12/11/09, Kelly Jones wrote: -snip- Is this a new idea, or have people done this before? Not a new idea, nor one that is useful -- no offense meant. I can prevent form hacking by simply checking and scrubbing incoming data without resorting to encryption. Security techniqu

Re: [PHP] Server-side encryption to prevent form hacking: new idea?

2009-12-12 Thread AmirBehzad Eslami
Suppose you have the following array: * * which is used to generate the following "Select": * Tehran Isfahan Tabriz * You can check whether the submitted value is valid or not, using the following code: *if ($_SERVER['REQUEST_METHOD'] == "POST") { if (!in_array($_POST['city'], $cit

Re: [PHP] Server-side encryption to prevent form hacking: new idea?

2009-12-11 Thread Andrew Ballard
On Fri, Dec 11, 2009 at 3:34 PM, Michael Shadle wrote: > On Fri, Dec 11, 2009 at 12:29 PM, Mattias Thorslund > wrote: >> Kelly Jones wrote: >>> >>> If you have an HTML form select field xyz with possible values >>> "apple", "banana", and "cucumber", anyone can easily set xyz to an >>> arbitrary v

Re: [PHP] Server-side encryption to prevent form hacking: new idea?

2009-12-11 Thread Michael Shadle
You don't necessarily need encryption; you could use digests instead and issue a use-once ticket as well. On Fri, Dec 11, 2009 at 12:29 PM, Mattias Thorslund wrote: > Kelly Jones wrote: >> >> If you have an HTML form select field xyz with possible values >> "apple", "banana", and "cucumber", anyo

Re: [PHP] Server-side encryption to prevent form hacking: new idea?

2009-12-11 Thread Mattias Thorslund
Kelly Jones wrote: If you have an HTML form select field xyz with possible values "apple", "banana", and "cucumber", anyone can easily set xyz to an arbitrary value. To prevent this, I create a hidden field code[xyz] with value: base64_encode(mcrypt_ecb( MCRYPT_RIJNDAEL_256,$salt,"apple,banana,

[PHP] Server-side encryption to prevent form hacking: new idea?

2009-12-11 Thread Kelly Jones
If you have an HTML form select field xyz with possible values "apple", "banana", and "cucumber", anyone can easily set xyz to an arbitrary value. To prevent this, I create a hidden field code[xyz] with value: base64_encode(mcrypt_ecb( MCRYPT_RIJNDAEL_256,$salt,"apple,banana,cucumber",MCRYPT_ENCR