04-20-2008, 02:19 AM
|
#1 (permalink)
|
|
The Addict
Join Date: Jan 2008
Location: los angeles
Posts: 309
Thanks: 44
|
alternative to die() function and echo?
hi, is there an alternative to writing die functions in something like this?
Code:
if(isset($_POST['submit'])) {
if(!$_POST['txt_username'] || !$_POST['txt_password'])
{ die('the username or password was not entered'); }
}
would i be needing to learn javascript to test for empty textfields.. what im wondering is how secure can that be?
because what if someone were to grab the forms action url and make himself a local file on his desktop calling the form on his local pc with sql injection or xss.
this is what i mean
Code:
localpage.html
<form method="post" action="domain.com/forms.php">
<input type="text" name="txt_username" value=">'><script>alert('xss');</script>">
<input type="text name="txt_password" value=">'><script>alert('xss');</script>">
<input type="submit" name="submit" value="submit">
</form>
my example matching might not make sense but pretend the code i gave above is something that relates to this last peice of code.
__________________
no signature set
|
|
|
|