Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming Automatically unsetting submit values from $_POST + safety issue?
Automatically unsetting submit values from $_POST + safety issue?
  • El Forum
    Guest
  •  
#5
06-16-2008, 08:29 AM

[eluser]xwero[/eluser]
it's very easy to post a form with tempered values and keys. There is even a developer firefox add-on that makes it possible to post a form.

The validation only picks up the fields you have added, it doesn't care about the other fields in the post array.

the isset check could be moved up, then you get this
Code:
if( ! in_array($field,$excluded_fields) && isset($_POST[$field]) )
{
   $insert[$field] = $_POST[$field];
}
It is better because then you only add the values that exist in the post field an not all fields in the post array.


Messages In This Thread
Automatically unsetting submit values from $_POST + safety issue? - by El Forum - 06-16-2008, 08:29 AM



Theme © iAndrew 2016 - Forum software by © MyBB