If it's okay I'll throw out two more questions then. 1-Probably a silly question, but is a "faux pas" if I don't do client side [javascript] validations ? 2a- Textboxes - provided I'm not allowing special characters (only alphanumeric) does this alone protect me from things like "sql injections" ? 2b- Do selects (menus, dropdowns) need to be validated for string content. aka, can crafty hackers turn these into a way to enter some funky data ? Thank you , Stuart --- Graham Cossey <graham@xxxxxxxxxxxxxxx> wrote: > Personally I would do as you suggest in 1. I would > think your users would > get rather annoyed if they had gone through several > form pages to be told at > the end of an error in form page1. > > So, page2 validates page1 etc. I would assume that > page2 already does some > processing of page1 anyway, as I believe you are > adding the for......... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
