Hi Bruce,<br><br><div class="gmail_quote">
On Sat, Jul 10, 2010 at 2:17 PM, bruce bruce <span dir="ltr">&lt;<a href="mailto:bruceb444@gmail.com">bruceb444@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br><div><div><font face="verdana, arial, helvetica, sans-serif" size="4"><span style="border-collapse: collapse; font-size: 14px;">I have my html/php file set so that the input field only takes 3 digit 3 digit 4 digit (NPA, NXX, Block) so your proposal of: </span></font><span style="font-family: arial,sans-serif; font-size: 13px; border-collapse: collapse;"><b>'201,0); drop database YOUR_DATABASE'; </b>would fail due to big length and also I tested with inputting letters and my IF function caught it and exited.</span></div>
<div><font face="verdana, arial, helvetica, sans-serif" size="4"><span style="border-collapse: collapse; font-size: 14px;"><br></span></font></div><div><span style="font-family: verdana,arial,helvetica,sans-serif; font-size: 14px; border-collapse: collapse;">Furthermore, everything else (other than phone input fields) is drop down boxes with specific numbers or letters inserted in them. I should be 100% safe with those, right?</span></div>
</div></blockquote><div><br>Another moment of trepidation should be triggered when you use the words "input field" as related to forms.<br><br>While most people will use an ordinary web browser and whatever fields you provide, hackers aren't most people. Anyone wanting to break your site isn't going to be nice and follow the nice rules and use the forms which might have validation.<br>
<br>Even beginner not-nicers can put together a simple form with your POST as their target and whatever field lengths and values they want.<br><br>You have to treat all input as hostile, since it all can be. It's the only way you can be safe.<br>
<br>Thanks,<br>Gerald<br></div></div>
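<br>The point of the reply above, as an added example that is not code from either poster: the server re-checks every field itself, including the drop-down, and passes values to the database through placeholders. The field names, the allow-list values, the <code>numbers</code> table and the in-memory SQLite database (which needs the pdo_sqlite extension) are assumptions made for illustration.<br>

```php
<?php
declare(strict_types=1);
// Added example: server-side checks for the NPA/NXX/Block form discussed above.
// Field names, allow-list values and the `numbers` table are assumptions.
const ALLOWED_TYPES = ['A', 'B', 'C']; // hypothetical drop-down values

// Returns the cleaned fields, or null if any field is not exactly what the form should send.
function validate_request(array $post): ?array
{
    $rules = ['npa' => 3, 'nxx' => 3, 'block' => 4];
    $clean = [];
    foreach ($rules as $field => $len) {
        $value = $post[$field] ?? null;
        // Must be a string (not an array such as npa[]=...) of exactly $len ASCII digits.
        if (!is_string($value) || preg_match('/\A[0-9]{' . $len . '}\z/', $value) !== 1) {
            return null;
        }
        $clean[$field] = $value;
    }
    // A drop-down only suggests values to the client; re-check against the allow-list.
    $type = $post['type'] ?? null;
    if (!is_string($type) || !in_array($type, ALLOWED_TYPES, true)) {
        return null;
    }
    return $clean + ['type' => $type];
}

// Constructed sample requests: one from the real form, the rest as a hand-built POST could send.
$samples = [
    ['npa' => '201', 'nxx' => '555', 'block' => '0123', 'type' => 'A'],
    ['npa' => '201,0); drop database YOUR_DATABASE', 'nxx' => '555', 'block' => '0123', 'type' => 'A'],
    ['npa' => '201', 'nxx' => '555', 'block' => '0123', 'type' => 'Z'],   // value not in the drop-down
    ['npa' => ['201'], 'nxx' => '555', 'block' => '0123', 'type' => 'A'], // array instead of string
    ['npa' => "201\n", 'nxx' => '555', 'block' => '0123', 'type' => 'A'], // trailing newline
];

$db = new PDO('sqlite::memory:'); // in-memory stand-in for the real database
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE numbers (npa TEXT, nxx TEXT, block TEXT, type TEXT)');
// Placeholders keep values out of the SQL text even if a check above is later loosened.
$insert = $db->prepare('INSERT INTO numbers (npa, nxx, block, type) VALUES (?, ?, ?, ?)');

foreach ($samples as $i => $post) {
    $clean = validate_request($post);
    if ($clean !== null) {
        $insert->execute(array_values($clean)); // order: npa, nxx, block, type
    }
    echo "sample $i: ", $clean === null ? 'rejected' : 'stored', "\n";
}
```

The pattern is anchored with <code>\A</code> and <code>\z</code> rather than <code>^</code> and <code>$</code>, because <code>$</code> also matches before a trailing newline.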