| Mike Ford 2004-09-22, 3:56 pm |
| > -----Original Message-----
> From: John Holmes [mailto:holmes072000@charter.net]
> Sent: 22 September 2004 16:39
>
> From: "Ford, Mike" <M.Ford@leedsmet.ac.uk>
> $_POST['state'] will
>
> But remember that the form comes from the client. Just
> because you create
> the form with "state[]", that doesn't mean I'm going to send
> it that way. ;)
Yeah, true -- I have a very bad tendency to forget about security considerations like that until someone reminds me (often a posting on this list does it ;). Just because I have a well-defined set of well-behaved users...!!
Cheers!
Mike
---------------------------------------------------------------------
Mike Ford, Electronic Information Services Adviser,
Learning Support Services, Learning & Information Services, JG125, James Graham Building, Leeds Metropolitan University, Headingley Campus, LEEDS, LS6 3QS, United Kingdom
Email: m.ford@leedsmet.ac.uk
Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211
|