[eluser]boltsabre[/eluser]
Code:
$options = array(
    '' => '- Select state -',
    'Alabama' => 'Alabama',
    'Florida' => 'Florida',
    'California' => 'California',
);
Now "select state" has no value.
Code:
$this->form_validation->set_rules('state', 'State', 'required');
Now this will fail validation if the user doesn't select a state, because "select state" doesn't have a value.
You really should have some more validation in there, bad people can still alter post/form details. At the very least: "trim|required|alpha".
Problem is though... if your state names reference a table column or something, and it gets changed to "Im a malicious a state" it will break your SQL code, throwing errors and stuff. I'd personally change your state values to numeric values (via an array or something), that way you can change your validation to something like (if you had 14 states, for example):
trim|required|numeric|greater_than[0]|less_than[15]
This way it's impossible for the user to submit anything other than a value you'd expect.
Data cleansing / validation is PARAMOUNT. Do everything in your power to ensure user input only matches what you'd expect.
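Added example, not part of boltsabre's post: a server-side allow-list check for the numeric-key approach described above, written in plain PHP so it runs without the framework. The function name resolve_state, the three-state option list and the sample inputs are constructed for illustration.

```php
<?php
// Added example. Numeric keys go into the form; the display names are
// looked up on the server and never taken from the request.
$stateOptions = array(
    ''  => '- Select state -',
    '1' => 'Alabama',
    '2' => 'Florida',
    '3' => 'California',
);

/**
 * Return the state name for a submitted value, or null when the value
 * is not exactly one of the non-empty option keys.
 */
function resolve_state($submitted, array $options)
{
    // A tampered request can send an array (state[]=1) instead of a string.
    if (!is_string($submitted)) {
        return null;
    }
    $value = trim($submitted);
    // Digits only: rejects '', '-1', '1.5', '1e1' and any free text.
    if (!ctype_digit($value)) {
        return null;
    }
    $key = (int) $value;
    // Reject non-canonical forms ('01', overlong digit runs) and unknown keys.
    if ((string) $key !== $value || !array_key_exists($key, $options)) {
        return null;
    }
    return $options[$key];
}

// Constructed sample inputs: valid keys, the placeholder option, values just
// outside the key range, a decimal inside the range, and tampered values.
$samples = array('2', ' 3 ', '', '0', '4', '1.5', '-1', '01',
                 'Im a malicious a state', array('1'));

foreach ($samples as $input) {
    $state = resolve_state($input, $stateOptions);
    printf("%-28s => %s\n", json_encode($input), $state === null ? 'rejected' : $state);
}
```

Because the check is a lookup against the option keys themselves, adding or removing a state needs no change to a numeric range, and the validated key can be passed to the query as a bound parameter.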