Do you need to use mysql_real_escape_string on a remember me check box? Is there any way the user could change the value? I guess it wouldn't hurt to do it anyways...
Yes, a "user" could change the value by submitting his/her own http request, totally bypassing what's in your form.
You mean through the URL, using GET?
Or via cURL using POST, or just creating their own HTML form with the action URL and form field names matching what's on your form page -- which is why you can never depend on client-side (i.e. JavaScript) validation for any important form validation.
Why don't you simply have PHP check the value of what the server receives?
I guess that is another possibility.
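The server-side check suggested in the thread, as an added example that is not part of the original posts: the checkbox is reduced to a strict 0 or 1 before it is used, and the result is stored through a bound parameter. The field name `remember`, the value `1`, the `users` table and the in-memory SQLite database (standing in for MySQL) are assumptions made for this example.

```php
<?php
declare(strict_types=1);

/**
 * Reduce whatever the client sent for the checkbox to a strict 0 or 1.
 * The field name "remember" and the value "1" are assumptions for this example.
 */
function rememberFlag(array $post): int
{
    $raw = $post['remember'] ?? null;   // an unchecked box is not sent at all
    // A hand-built request can send remember[]=x (an array) or any string;
    // only the exact value our own form emits counts as "checked".
    return (is_string($raw) && $raw === '1') ? 1 : 0;
}

/** Store the flag with bound parameters, so no request text reaches the SQL. */
function saveRememberFlag(PDO $db, int $userId, int $flag): void
{
    $stmt = $db->prepare('UPDATE users SET remember_me = :flag WHERE id = :id');
    $stmt->bindValue(':flag', $flag, PDO::PARAM_INT);
    $stmt->bindValue(':id', $userId, PDO::PARAM_INT);
    $stmt->execute();
}

// Constructed demo: in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, remember_me INTEGER NOT NULL DEFAULT 0)');
$db->exec('INSERT INTO users (id) VALUES (1)');

// Constructed request bodies: the normal form, plus what a custom client might send.
$samples = [
    'checked'         => ['remember' => '1'],
    'unchecked'       => [],
    'unexpected text' => ['remember' => "1'x"],
    'array value'     => ['remember' => ['1']],
];

foreach ($samples as $label => $post) {
    $flag = rememberFlag($post);
    saveRememberFlag($db, 1, $flag);
    $stored = (int) $db->query('SELECT remember_me FROM users WHERE id = 1')->fetchColumn();
    printf("%-16s -> flag=%d stored=%d\n", $label, $flag, $stored);
}
```

Because the value that reaches the query is an integer PHP derived itself, the raw checkbox string never needs escaping.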