[snip] > There are many places (websites) wherein you can choose the country from a > pulldown menu. This prevents somebody (somehow) from posting something > illegal. Besides, if the values assigned are numbers (e.g. <option > value="100">My Country</option>) then you can check whether the value > is_numeric() or something. Or, even if it's a text field, perhaps you can > use some regex to make sure that you only accept certain characters. (i.e. > alphabet, etc.)
A drop down doesn't save you from validating what the user sent. Just because your form has a drop down, it doesn't mean the one I re-create on my page has one (while I'm spoofing HTTP_REFERRER, mind you). It may have a text box so I can send you any value. ---John Holmes.. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
