Should you do validation checks that go outside the possibility of normal user activity?

Posted by Scarface on Stack Overflow
Published on 2010-04-10T03:21:16Z Indexed on 2010/04/10 3:23 UTC


Hey guys, I have been thinking about form security a lot lately. I have been told time and time again to check if form input is a number if you are expecting a number, or escape it in case (unless you use proper mysqli formatting) to avoid injection.

1. After the safety checks are done, should I do additional logic checks? For example, if the user is sending a friend request to themselves, even if my user interface will not show the form if the user is looking at their own page.
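
The two layers of checking the question describes, as an added example that is not part of the original post: a format check on the submitted id followed by server-side logic checks, including the self-request case. The function name, parameters and in-memory sample data are hypothetical, and PHP 8 is assumed; a real application would back the lookups with prepared mysqli statements.

```php
<?php
declare(strict_types=1);

// Added example. Names and data below are hypothetical stand-ins for a real
// user table and friend-request table queried through prepared statements.

/**
 * Validate a friend request on the server, independent of what the UI shows.
 * $sessionUserId comes from the authenticated session, never from the form.
 * Returns an error string, or null when the request may be stored.
 */
function checkFriendRequest(int $sessionUserId, mixed $rawTargetId,
                            array $userIds, array $existingRequests): ?string
{
    // 1. Format check: the target must be a positive integer.
    $targetId = filter_var($rawTargetId, FILTER_VALIDATE_INT,
                           ['options' => ['min_range' => 1]]);
    if ($targetId === false) {
        return 'invalid target id';
    }
    // 2. Logic check: the form is hidden on your own page, but a request
    //    sent without the UI can still carry your own id.
    if ($targetId === $sessionUserId) {
        return 'cannot send a friend request to yourself';
    }
    // 3. Logic check: the target must be an existing user.
    if (!in_array($targetId, $userIds, true)) {
        return 'no such user';
    }
    // 4. Logic check: no duplicate request for the same pair.
    if (in_array([$sessionUserId, $targetId], $existingRequests, true)) {
        return 'request already sent';
    }
    return null;
}

// Constructed sample data: three users, one pending request from 1 to 2.
$users    = [1, 2, 3];
$requests = [[1, 2]];

// Constructed form inputs, as they would arrive in $_POST['target_id'].
foreach (['3', '1', '2', '99', '3 OR 1=1', '-5'] as $raw) {
    $error = checkFriendRequest(1, $raw, $users, $requests);
    printf("%-12s => %s\n", var_export($raw, true), $error ?? 'ok');
}
```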

© Stack Overflow or respective owner
