How can I secure the select tag from bad entry? Ex: a select tag for countries
It would be better if you could explain the problem statement more, probably with an example. It's really not clear enough for me (us).
I have a select tag that has country names.
Ex: I want to stop the user from entering any data when he is using the page offline.
I know that anyone can save the page, work on it offline and enter bad data. How can I solve this problem?
[HTML]
<select name="select" id="select">
<option>Canada</option>
<option>China</option>
<option>United States</option>
</select>
[/HTML]
Match the domains using $_SERVER['HTTP_REFERER'] before executing the back-end scripts. Read this article and the comments too.
There are circumstances where this will not be sufficient. See the PHP manual on this superglobal:
'HTTP_REFERER'
The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.
A solution could be to generate the option content on the server side, e.g. using PHP from an array. After submission of the form the option can then be checked, server-side, against the array values.
Ronald
Heya, smartic.
On the database side, you should be using either a primary key or an ENUM for the country field. This makes it physically impossible to store invalid data.
It sounds like the reason that you are worried about it being used offline is because people could change the HTML. I'm assuming that means you are unaware of the fact that this can be done live, as well as the posted data being altered before it is posted to the server.
This issue was one of the reasons that I built my form handler (it's not public yet, sorry). A simple solution would be to make sure you know all of the valid options and then check the posted value against them.
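[php]
// Allowlist of the values the server will accept.
$validOptions = array('China', 'Canada', 'United States');

// Check the posted value against the allowlist (strict comparison).
if (!empty($_POST['country'])) {
    if (in_array($_POST['country'], $validOptions, true)) {
        echo 'You have made a valid selection.';
    } else {
        echo 'Error!';
    }
}

// Build the select from the same array, escaping what goes into the HTML.
echo '<select name="country">' . "\n";
foreach ($validOptions as $option) {
    $safe = htmlspecialchars($option, ENT_QUOTES, 'UTF-8');
    echo '    <option value="' . $safe . '">' . $safe . '</option>' . "\n";
}
echo '</select>' . "\n";
[/php]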
That's not tested, so... Test it. :P
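The server-side check discussed in the replies above, as an added example that is not part of the original thread: it goes a little beyond the posted code by also rejecting array-typed and missing input, and runs the check over constructed submissions. The ISO country codes used as option values and the names `validated_country` and `render_country_select` are assumptions of this example.

```php
<?php
// Added example, not code from the thread. Option values are ISO country codes
// (an assumption); the server trusts only the keys of this array.
const COUNTRIES = ['CA' => 'Canada', 'CN' => 'China', 'US' => 'United States'];

// Return the submitted code if it is on the allowlist, otherwise null.
// $post stands in for $_POST so the check can run without a web server.
function validated_country(array $post): ?string
{
    $value = $post['country'] ?? null;
    // country[]=x arrives as an array; anything that is not a string is rejected.
    if (!is_string($value)) {
        return null;
    }
    return array_key_exists($value, COUNTRIES) ? $value : null;
}

// Build the <select> from the same array, escaping everything written into HTML.
function render_country_select(?string $selected = null): string
{
    $html = "<select name=\"country\">\n";
    foreach (COUNTRIES as $code => $label) {
        $html .= sprintf(
            "  <option value=\"%s\"%s>%s</option>\n",
            htmlspecialchars($code, ENT_QUOTES, 'UTF-8'),
            $code === $selected ? ' selected' : '',
            htmlspecialchars($label, ENT_QUOTES, 'UTF-8')
        );
    }
    return $html . "</select>\n";
}

// Constructed request bodies: one as the form sends it, the rest changed client-side.
$submissions = [
    'unmodified'     => ['country' => 'CA'],
    'edited option'  => ['country' => 'Atlantis'],
    'label as value' => ['country' => 'Canada'],
    'array input'    => ['country' => ['CA']],
    'field removed'  => [],
];
foreach ($submissions as $name => $post) {
    $code = validated_country($post);
    $result = $code === null ? 'rejected' : 'accepted ' . COUNTRIES[$code];
    printf("%-14s => %s\n", $name, $result);
}
echo render_country_select('CA');
```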