Posted by Jerry Stuckle on 09/16/07 17:38

pepper.gabriela@gmail.com wrote:
>> You can't be sure that you'll get all the values from the form you
>> expect. Every data coming in from the client (POST, GET, cookies) can be
>> incomplete or manipulated.
>
>
>
> i'm in the classical little/medium site backend area sending data
> thorugh $_POST: what could cause incompleteness? Who could manipulate
> my data?
>

Anyone. For instance, I could post a form to your site which has
anything I want on it. That's a very common way hackers get into systems.

>
>
>> You just have to make sure that missing values don't lead to notices or
>> unexpected behaviour in your code.
>
>
>
> it is what I try to do and I'm not receiving any unexpected behavior
> at the moment :-)
>

And that means you'll never get it in the future? It's this very
thinking which leads to sites being hacked,

>
>
>>> I considered not using it because the PHP manual says it is not a good
>>> idea for $_GET, $_POST, etc.
>> Currently you're doing nearly the same.
>
>
>
> well, it's true... I couldn't find a better way, since I can't change
> the overall structure (so I can't but send data from A to B and
> viceversa)
>
>

Always validate your data.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

[Back to original message]