[dev] Ulaform: HTML form generation with PHP
Keith A. Chayer
kchayer@bbcnet.edu
Tue, 20 Feb 2001 16:51:49 -0600
Quoting "Brent J. Nordquist" <bjn@horde.org>:
> On Mon, 19 Feb 2001, Keith A. Chayer <kchayer@bbcnet.edu> wrote:
>
> > where I made it somewhat configurable is that it checks for a hidden
> > form variable field (well, it doesn't have to be hidden, but you don't
> > want the user to input a destination email address for the script :) )
>
> Hmmm, you'd better be careful; just hiding it on the form doesn't mean
> they can't manually submit it (change the URL for GET, or alter the form
> and do their own POST, etc.). You have to have server-side checking of
> everything submitted.

Yeah, that's true, but someone that does that probably has other intentions in
mind. If that's the case, he can just telnet to port 25 of our mail server and
accomplish the same purpose. Or whatever. Unless you're saying that someone
could use our script to route THEIR form data through. That's true, I just
haven't worried about it too much. I mean, heck, then they could just create a
form on their site and submit it to our script...

My intent was to give the few forms we have in various web pages an easy way to
submit their data without using the email submit option (ugh--comes from the
browser's email address, whatever is set up on it--doesn't work well on shared
machines particularly) or creating new scripts for everyone.

..Keith
---------- - - .
Keith A. Chayer Baptist Bible College
Network Technician Springfield, MO
=============================================================================
.--.
::\`--._,'.::.`._.--'/:: "Ready? For 800 years have I trained Jedi.
::::. ` __::__ ' .:::: My own council will I keep on who is ready."
::::::-:.`'..`'.:-::::::
::::::::\ `--' /:::::::: -Yoda
=============================================================================
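
The server-side check raised in the quoted reply, as an added example that is not part of the original message or of Ulaform: the form submits only an identifier, and the script looks up the destination address itself, so a hand-crafted GET or POST cannot choose the recipient. The field names (`form_id`, `subject`, `recipient`), the helper functions and the addresses are hypothetical.

```php
<?php
// Added example; all names and addresses here are constructed for illustration.

// Destination addresses live on the server, keyed by a form identifier.
const FORM_RECIPIENTS = [
    'contact'    => 'webmaster@example.edu',
    'admissions' => 'admissions@example.edu',
];

/** Return the configured recipient for a form id, or null if it is unknown. */
function resolve_recipient(string $formId): ?string
{
    return FORM_RECIPIENTS[$formId] ?? null;
}

/** A CR or LF in a header value would let the sender append extra headers. */
function is_header_safe(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 0;
}

/** Validate a submission and return [recipient, subject, body], or throw. */
function build_message(array $post): array
{
    $formId = is_string($post['form_id'] ?? null) ? $post['form_id'] : '';
    $to = resolve_recipient($formId);
    if ($to === null) {
        throw new InvalidArgumentException('unknown form');
    }
    $subject = is_string($post['subject'] ?? null) ? $post['subject'] : 'Web form';
    if (!is_header_safe($subject)) {
        throw new InvalidArgumentException('bad subject');
    }
    $lines = [];
    foreach ($post as $name => $value) {
        // A client-supplied "recipient" field is deliberately ignored.
        if (in_array($name, ['form_id', 'subject', 'recipient'], true) || !is_string($value)) {
            continue;
        }
        $lines[] = "$name: $value";
    }
    return [$to, $subject, implode("\n", $lines)];
}

if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    try {
        [$to, $subject, $body] = build_message($_POST);
        mail($to, $subject, $body);
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
    }
}
```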