07-19-2014, 08:48 PM #1
Submit more than one Form at a time??
If a web page has multiple - yet separate - Forms on it, is there any way a user (or hacker) could submit more than one Form at a time??
I ask this, because I have a separate Form beneath each User Comment where others can give the Comment a rating.
I want to be sure that the contents of the $_POST array are pure, and only contain values from *one* of the Forms.
07-19-2014, 10:40 PM #2
Even better: As soon as your JS code detects that the user has entered ANYTHING into one of the comments, it disables all the other comment <textarea>s.
Methinks you are over-thinking this.
Be yourself. No one else is as qualified.
07-19-2014, 10:42 PM #3
As for your current methodology: A hacker could trivially submit *ANYTHING* to you without regard to your <form>s. You don't need a browser to simulate posting of <form> data.
If you allow non-registered users to post comments, you are in for trouble no matter what you do.
07-20-2014, 12:16 AM #4
I see you didn't die after all...
As far as your comments, me thinks your calling is databases!
07-20-2014, 07:40 PM #5
Me thinks Old Pedant's calling is the use of common sense in coding, having observed his posts for several years. And perhaps patience in explanation.
07-20-2014, 10:28 PM #6
07-21-2014, 12:17 AM #7
Having said that: A browser user can't submit more than one <form> per page unless you have a target=xxx in your <form> (e.g., you use a <frame> as a target for the form posting). But there's not much you can do to prevent hackers from multi-posting if you don't insist on only registered users being able to post.
One more time: you are over-thinking this.
07-21-2014, 12:20 AM #8
Back...at least a little bit.
No, but it was pretty much a close thing for a while. The nurses were whispering about hospice to my wife.
07-21-2014, 02:19 AM #9
2.) A user may only submit ONE COMMENT REVIEW at a time. (This is a key concept.) Each Comment will have however many questions (e.g. Was the comment helpful?) and - at this point - one Form associated with it. A Reviewer may certainly go through and review every Comment beneath a given Article, but they have to do it one at a time.
The goal is not to promote "assembly-line" behavior, but rather to give people a way to give feedback on really good or really crappy Comments.
That is why I chose to wrap each Comment in a Form.
I only allow "Registered Members" to "review" a Comment.
My PHP will check the database to ensure that there is only 1 Review per Member per Comment.
As far as your other comments above, I would *assume* that a user cannot submit more than one Form per click, but then again, there is probably some way to hack things?!
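Added example, not part of any post in this thread: a server-side check that treats `$_POST` as untrusted, accepts exactly one review per request, and lets a UNIQUE constraint enforce one review per member per comment. The field names (`comment_id`, `helpful`), the `review` table, the function names and the sample requests are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example: field, table and function names are assumptions, not from the thread.
const REVIEW_FIELDS = ['comment_id', 'helpful'];   // the only keys one rating form sends

/** Return [commentId, helpful], or throw if the body is not exactly one well-formed review. */
function parse_review(array $post): array
{
    $keys = array_keys($post);
    sort($keys);
    if ($keys !== REVIEW_FIELDS) {                  // extra or missing fields: reject
        throw new InvalidArgumentException('unexpected fields');
    }
    // Array values (comment_id[]=7&comment_id[]=8) fail these filters: one request, one comment.
    $commentId = filter_var($post['comment_id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $helpful = filter_var($post['helpful'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 0, 'max_range' => 1]]);
    if ($commentId === false || $helpful === false) {
        throw new InvalidArgumentException('bad value');
    }
    return [$commentId, $helpful];
}

/** Insert the review; false means this member already reviewed this comment. */
function save_review(PDO $db, int $memberId, int $commentId, int $helpful): bool
{
    $stmt = $db->prepare('INSERT INTO review (member_id, comment_id, helpful) VALUES (?, ?, ?)');
    try {
        $stmt->execute([$memberId, $commentId, $helpful]);
        return true;
    } catch (PDOException $e) {
        if ($e->getCode() !== '23000') { throw $e; }   // 23000 = integrity constraint violation
        return false;
    }
}

$db = new PDO('sqlite::memory:');                      // in-memory database for the demo
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE review (member_id INTEGER NOT NULL, comment_id INTEGER NOT NULL, helpful INTEGER NOT NULL, UNIQUE (member_id, comment_id))');
$memberId = 42;   // constructed; in practice read from the logged-in session, never from $_POST
$requests = [     // constructed request bodies standing in for $_POST
    ['comment_id' => '7', 'helpful' => '1'],                      // normal form submit
    ['comment_id' => '7', 'helpful' => '0'],                      // same member, same comment again
    ['comment_id' => ['7', '8'], 'helpful' => '1'],               // hand-built: two comments in one request
    ['comment_id' => '9', 'helpful' => '1', 'member_id' => '1'],  // hand-built: extra field
];
foreach ($requests as $post) {
    try {
        [$cid, $helpful] = parse_review($post);
        echo save_review($db, $memberId, $cid, $helpful) ? "saved\n" : "duplicate\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

Relying on the constraint rather than a SELECT followed by an INSERT means two simultaneous requests from the same member cannot both succeed.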
07-21-2014, 02:20 AM #10