In my site, users can only modify their personal information only once a day. Script-side, I determine if they are allowed to (i.e. check with the database if it's been 24 hours since the last modification) and whether or not to display the form.My question is, could a malicious user manage to submit information if there's no form? In other words, if there is no \[code\]FORM element\[/code\] no data should be submitted by the user's browser, right?What I'm afraid of is that if someone manages to send the data, the script would still process it and change the personal information when it shouldn't.
Can a malicious user submit data if there is no form?
- Thread starter daanrack
- Start date