Computer Science Canada Limiting Form accepts |
| Author: | JSBN [ Sat Jun 25, 2005 10:00 pm ] |
| Post subject: | Limiting Form accepts |
how do i limit my forms to only accept data comming from my server(localhost) and not other's PC's (so that others can dl the page, edit it and change hte data that can be sent) |
|
| Author: | wtd [ Sat Jun 25, 2005 10:12 pm ] |
| Post subject: | |
You can't. Just sanity check the input on the server. |
|
| Author: | md [ Sun Jun 26, 2005 11:05 am ] |
| Post subject: | |
If you check the IP of the client when you get the form data you can limit to any IP (or range thereof) you want. |
|
| Author: | wtd [ Mon Jun 27, 2005 4:01 pm ] |
| Post subject: | |
And none of that is correct. What you need to do is make sure the input isn't something bad. Let's say I have a form which lets someone send an e-mail. Your basic "contact us" form. I should not let the user specify the e-mail address manually. Instead, I have a list of names (or titles, like "webmaster"). When someone sends the form, they send one of the names/titles and my script associates that with an e-mail address. If the name or title isn't one of the possibilities, I print back an error message and ask them to fill in the form again. That way, even if someone submits the form from another location, it all gets processed by the same script, and the script always has a chance to discard bad input. |
|