www.webdeveloper.com
Results 1 to 6 of 6

Thread: mysql_real_escape_string on remember me checkbox?

  1. #1
    Join Date
    Apr 2012
    Posts
    110

    Question mysql_real_escape_string on remember me checkbox?

    do you need to use mysql_real_escape_string on a remember me check box? is there any way the user could change the value? I guess it wouldn't hurt to do it anyways...

  2. #2
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,251
    Yes, a "user" could change the value by submitting his/her own http request, totally bypassing what's in your form.
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  3. #3
    Join Date
    Apr 2012
    Posts
    110
    you mean through the URL, using get?

  4. #4
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,251
    Or via cURL using post, or just creating their own HTML form with the action URL and form field names matching what's on your form page -- which is why you can never depend on client-side (i.e. JavaScript) validation for any important form validation.
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  5. #5
    Join Date
    Apr 2012
    Posts
    4
    Why don't you simply have PHP check what the value of what the server receives?

  6. #6
    Join Date
    Apr 2012
    Posts
    110
    i guess that is another possibility.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles