> -----Original Message-----
> From: rjc [mailto:lists@xxxxxxxxxx]
> Sent: 30 October 2004 23:35
> To: php-general@xxxxxxxxxxxxx
> Subject: Security: Forms and displaying invalid data
>
>
> I have a form that takes user input, and was wondering what your
> thoughts are on redisplaying user input back on the page after validation
> has failed.
> [snip]
>
> Some options that I have come up with are:
> 1. Displaying previous data (or an empty field), for example if the user is
> editing something.
> 2. Just displaying exactly what they entered again on the screen.
> 3. Stripping out certain undesirable characters before displaying.

Personally I get really p****d off when a form errors and does not return any of my original entries, especially the larger ones. However, I understand not re-displaying any 'sensitive' entries such as passwords, security phrases etc., as they can aid the 'hackers'.

I would not strip out anything you won't accept, as you could be giving clues to the unscrupulous users as to what you will and won't accept.

Graham

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
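One way to implement option 2 (re-display exactly what was entered) without either stripping characters or reflecting markup back into the page, as an added example that is not from the thread: encode on output and leave password-type fields blank. Field names, validation rules and the `SENSITIVE_FIELDS` list are assumptions for illustration; assumes PHP 7 or later.

```php
<?php
// Added example (not from the original thread): re-display a form after failed
// validation. Values are HTML-encoded on output, never stripped, and fields
// listed in SENSITIVE_FIELDS are always returned empty.
const FIELDS = ['email', 'password', 'comment'];            // assumed form fields
const SENSITIVE_FIELDS = ['password'];                      // never re-displayed

// Encode for an HTML attribute or element body. Encoding keeps what the user
// typed (so nothing is silently dropped) while preventing it from being parsed
// as markup or script when echoed back.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Validate the submission; returns field => error message for each failure.
function validate(array $input): array
{
    $errors = [];
    if (!filter_var($input['email'] ?? '', FILTER_VALIDATE_EMAIL)) {
        $errors['email'] = 'Please enter a valid e-mail address.';
    }
    if (strlen((string)($input['password'] ?? '')) < 8) {
        $errors['password'] = 'Password must be at least 8 characters.';
    }
    if (trim((string)($input['comment'] ?? '')) === '') {
        $errors['comment'] = 'Comment is required.';
    }
    return $errors;
}

// Values to put back into the form: everything the user sent, encoded,
// except sensitive fields. Non-string input (e.g. email[]=x) is treated as empty.
function redisplayValues(array $input): array
{
    $out = [];
    foreach (FIELDS as $name) {
        $raw = $input[$name] ?? '';
        $out[$name] = (in_array($name, SENSITIVE_FIELDS, true) || !is_string($raw)) ? '' : h($raw);
    }
    return $out;
}

$posted = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST';
$errors = $posted ? validate($_POST) : [];
$v = redisplayValues($posted ? $_POST : []);
?>
<form method="post">
  <label>E-mail <input type="text" name="email" value="<?= $v['email'] ?>"></label>
  <?php if (isset($errors['email'])): ?><span class="err"><?= h($errors['email']) ?></span><?php endif; ?>
  <label>Password <input type="password" name="password" value="<?= $v['password'] ?>"></label>
  <?php if (isset($errors['password'])): ?><span class="err"><?= h($errors['password']) ?></span><?php endif; ?>
  <label>Comment <textarea name="comment"><?= $v['comment'] ?></textarea></label>
  <?php if (isset($errors['comment'])): ?><span class="err"><?= h($errors['comment']) ?></span><?php endif; ?>
  <button type="submit">Send</button>
</form>
```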