mysql_real_escape_string on remember me checkbox?

**droidus** · 04-30-2012, 12:01 PM

do you need to use mysql_real_escape_string on a remember me check box? is there any way the user could change the value? I guess it wouldn't hurt to do it anyways...

**NogDog** · 04-30-2012, 12:43 PM

Yes, a "user" could change the value by submitting his/her own http request, totally bypassing what's in your form.

**droidus** · 04-30-2012, 12:44 PM

you mean through the URL, using get?

**NogDog** · 04-30-2012, 07:09 PM

Or via cURL using post, or just creating their own HTML form with the action URL and form field names matching what's on your form page -- which is why you can never depend on client-side (i.e. JavaScript) validation for any important form validation.

**3DSHub** · 04-30-2012, 11:35 PM

Why don't you simply have PHP check what the value of what the server receives?

**droidus** · 05-01-2012, 10:19 AM

i guess that is another possibility.

Thread: mysql_real_escape_string on remember me checkbox?

Thread Tools

Display

mysql_real_escape_string on remember me checkbox?

Thread Information

Users Browsing this Thread

Tags for this Thread

Bookmarks

Bookmarks

Posting Permissions