William Stokes wrote:
Hello,
Can someone tell me what wrong or to how to manage this?
//default
$limitorig = 10;
echo "<select name=\"USRlimitorig\">";
echo "<option selected value=>$limitorig</option>";
echo "<option>10</option>";
echo "<option>20</option>";
echo "<option>30</option>";
echo <input type=\"submit\" name=\"resetlimit\" value=\"GO\">";
Something like this would be better:
$limitorig = 10;
$options = array('10', '20', '30');
if (isset($_POST['limitorig']) && in_array($_POST['limitorig'], $options)) {
$limitorig = $_POST['limitorig'];
}
foreach ($options as $option) {
$selected = '';
if ($option == $limitorig) {
$selected = ' SELECTED';
}
echo '<option value="' . $option . '" ' . $selected . '>' . $option .
'</option>';
}
might be a bit long winded but you can easily add more to the array, the
in_array check makes sure nobody tries to hack the script by entering
dummy values (or by creating their own script to submit the form) and it
should also stop xss attacks.
--
Postgresql & php tutorials
http://www.designmagick.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
