Form Help

LegendOfNoob · 31-10-2007, 01:50 PM

i would like to host and make my own form i know i knwo freedback
they radomly banned me i have the same coding as when i got it and didnt change...
how would i go about doing this i laready made my contact us form but this may be a bit harder i need to do like
(short)Habbo Name:
(short)Email:
(short)Program Used
(drop Down)Applying For:
(long)Qualifications:
(long)Why Should We Hire You?
and then i'm used to feedback could i have ip details sent in with apps?

Frog! · 31-10-2007, 02:03 PM

You do a hidden form for the IP

PHP Code:


<input type="hidden" id="" name="" value="<?php echo $_SERVER["REMOTE_ADDR"]; ?>" />

Invent · 31-10-2007, 05:35 PM

Never, ever, ever...ever do that.

LegendOfNoob · 31-10-2007, 08:39 PM

why? :S

Beau · 01-11-2007, 06:18 AM

In the case of hiding an IP input, don't, because simply, there is no point. You can just call for $_SERVER['REMOTE_ADDR'] when you process the script, it's not going to change.

Hidden inputs are fine for passing things such as IDs to other pages though.

DeejayMachoo$ · 01-11-2007, 09:01 AM

Originally Posted by Invent

Never, ever, ever...ever do that.

wouldnt it be better to do it in the sql query?

Beau · 01-11-2007, 09:08 AM

Originally Posted by Mattx.org

wouldnt it be better to do it in the sql query?

That's what I trying to get across above

^^

Before someone bites my head off for saying it's fine, obviously if you don't check it's a valid ID, or whether a certain user has permission to do stuff with the ID, you're in trouble. Bottom rule, even if it's defined by you (dropdowns, hidden form inputs etc), sanitize it!

Invent · 01-11-2007, 08:22 PM

If the IP used was read from the form then it is bad. That's because you can use memory editors/livebug/etc to alter input forms to any value you like.

Jamie. · 02-11-2007, 04:31 PM

Originally Posted by Invent

If the IP used was read from the form then it is bad. That's because you can use memory editors/livebug/etc to alter input forms to any value you like.

could of swore the was a way of doing that through url i may be wrong :S

Beau · 02-11-2007, 10:17 PM

Originally Posted by Jamie.

could of swore the was a way of doing that through url i may be wrong :S

If the form is using GET instead of POST, you can change the values of the form fields. However, if you're not sanitizing your GET inputs, you're asking for trouble.

Thread: Form Help

Thread Tools

Form Help

Posting Permissions