I would like to secure user input, if it is text input we can simply use \[code\]filter_input\[/code\] and \[code\]mysql_real_escape_string\[/code\].My question is: Do I have to use those when variables are coming from a select box? Is it possible for some crafty user to change POST values from the browser?My select box is populated dynamically from a database. Do I still have to compare recevied data (after submit) with the database, and use \[code\]mysql_real_escape_string\[/code\] for safety?
Can a user change the input variable of a select box?
- Thread starter Tristan
- Start date