Welcome Guest, Not a member yet? Register   Sign In
Drop Down Menus & Validation


How is the best way of protecting data from being submitted using a drop down menu? I posted my site to be tested on PHP Freaks and found that by saving the source of files, they could edit the drop down menu values and then using their new html file to submit any value they liked using my drop down fields.

Could I just use normal rules like I do with text fields?

use white lists where possible, or validate it with the database, all data from the user, can be compromised, and must me checked. You don't need to create some new html files to miss around a form, you just need the developers toolbar (Firefox), even User agents or IP addresses can be compromised, you MUST validate ALL input.

How would I create a white list? I was just going to create a callback if it doesn't match the strings in the drop down menu then I'll return FALSE with the error message.

However, some are fairly long. I would appreciate another way to do this.

if you have some values that don't change, like a gender you make a simple test

if (! in_array($this->input->post('gender'),array('male','female'))) return FALSE;

if you have many values, you can check them against a database (don't forget to escape the input) , if you have a date, check for the date to be correct, how you do it depends on what kind of data are you dealing with

Well, I have a drop down menu. The options are just country codes (eng, scot, nire, ire, wal) and others such as only numeric values, or certain text strings.

Cannot I use a callback then? I think querying the database is a bit too much just to pull a list of allowed list of text.

By the way, the drop downs are created by CI & Rapyd. I'm not creating the html form and then submitting the info. I just want to make sure I can valid the drop down menus like I can with text boxes.

Yes of course you can use callbacks to validate dropdowns.

Theme © iAndrew 2016 - Forum software by © MyBB