On Fri, April 21, 2006 7:09 pm, Nicolas Verhaeghe wrote: > So far, I have rarely seen people entering fake data into shopping > carts or > online forms. Why? Because most people don't have time to waste > screwing > around filling online form with junk. You have been very very very lucky, then. Because there are a zillion bots out there making all kinds of crazy POSTs to everybody's forms, trying to abuse our FORMs to: send junk email post links to on-line casinos and other regionally illegal e-ventures post links to pay-per-view and pay-per-click affiliate sites Those CAPTCHA thingies (where you have to type the letters) are not just for fun. It's only a matter of time before CAPTCHA is useless. Data validation and sanitzation is not just to stop the Good Guys who make typos, but also the Bad Guys who are attempting to abuse your site. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
