Posted by gbbulldog on 08/29/06 15:45

WhatsPHP wrote:
> Hi
>
> For some reason, at random posts, the post variables don't get thru to
> the server. For example, if there is are two text fields: name and
> email... (I have register_globals on)... When I try to update the
> database with a query and use $name, $email, the $name is missing or
> the $email is missing. I am building an intranet application and all
> the 20 or so clients run IE. This happens very rarely. Something like
> once in 100 updates.
>
> But I can see this in the log files as update contact set name="",
> email="asda@pol.com" where contact_id=918. Notice the name field is
> blank. I have JS checks in the client side which does not allow blank
> name field..
>
> Is this an IE random error? How do I get over this?
>
> Weird Stuff

Firstly, turn register_globals off, because it's horrid. Read the PHP
manual's security entry on register_globals if you want to know why :)
This is also probably where your problems are coming from, as variables
are really easily over-written when register_globals is on.

Secondly, don't just validate in JS - validate in PHP too, as the JS
might not run as expected or may be ignored completely if a (malicious)
user decides to create their own POST to the form handler.

[Back to original message]