in reply to CGI form data validation

You make the assumption that someone could very well have altered the contents of your HTML form in the most dangerous possible way. You think of every way that they could have altered it and check each and every parameter to ensure that it has valid values, regardless of what the form looked like.

Re: Re: CGI form data validation
by Happy-the-monk (Canon) on Mar 28, 2004 at 15:55 UTC

    You think of every way that they could have altered it [...]
    Having quite some imagination, that's an endless task.

    I would rather advise not to care if anybody has tampered with the form, but
    only focus on making sure that the expected values that were filled in

    • are inside their required range and
    • only contain quality input:
    Simply throw away all other data submitted that you don't expect/need.
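
The allowlist approach described in the reply above, as an added Perl example that is not part of either post: only fields named in a spec are copied, each must match an anchored pattern and any numeric range, and everything else is dropped. The field names, rules and sample submission are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical form spec: the only fields the script expects, each with
# an anchored pattern and, for numbers, an allowed range.
my %SPEC = (
    username => { re => qr/\A[A-Za-z0-9_]{3,16}\z/ },
    age      => { re => qr/\A[0-9]{1,3}\z/, min => 13, max => 120 },
    colour   => { re => qr/\A(?:red|green|blue)\z/ },
);

# Returns (\%clean, \@errors). Anything not named in %SPEC is never copied.
sub validate_form {
    my ($submitted) = @_;
    my (%clean, @errors);
    for my $field (sort keys %SPEC) {
        my $rule  = $SPEC{$field};
        my $value = $submitted->{$field};
        if (!defined $value || ref $value) {    # missing, or sent more than once
            push @errors, "$field: missing or repeated";
            next;
        }
        if ($value !~ $rule->{re}) {
            push @errors, "$field: unexpected characters or length";
            next;
        }
        if (defined $rule->{min} && ($value < $rule->{min} || $value > $rule->{max})) {
            push @errors, "$field: out of range";
            next;
        }
        $clean{$field} = $value;
    }
    return (\%clean, \@errors);
}

# Constructed sample submission: one value out of range, one field the
# form never had, and a trailing newline that \z rejects where $ would not.
my %submitted = (
    username => "alice_01",
    age      => "999",
    colour   => "blue\n",
    is_admin => "1",
);

my ($clean, $errors) = validate_form(\%submitted);
print "kept: $_=$clean->{$_}\n" for sort keys %$clean;
print "rejected: $_\n" for @$errors;
```

The rest of the script should read only from the cleaned hash, so an unexpected parameter such as `is_admin` never reaches later code.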