I have a combo box on my form for Gender:

<select style="width: 180px" name="gender" tabindex="8">
  <option selected="" value="null">--- Select Gender ---</option>
  <option value="F">Female</option>
  <option value="M">Male</option>
</select>

What sort of PHP validation do I need for this combo box? I already have: if nothing is selected, it alerts the user.

Can you see if you can answer these three questions, please:

1. Can someone alter my code and put in something other than what is in the combo box and submit it to my database?
2. Do I need to add mysql_real_escape_string to a combo box? (I obviously do if someone can alter my code.)
3. Do I need to add a max length validation to the combo box?

Thanks for your help
1. M/F/Null should be fine.
2. You would if you were just going to directly grab the input, but I would say do a check

if ($_POST['var'] == 'F') $var = 'F';
else if ($_POST['var'] == 'M') $var = 'M';
else $var = '';

or something and then just insert $var instead of the part variable (although using the same name for the variable as the posted var is bad), and that keeps your check going and prevents someone from trying to exploit the system.
3. No need to put a max length since it isn't something that people can just insert. varchar(1) or doing an enum type would work out just fine in the database and you'd be okay.
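
Added example, not part of the original posts: the allowlist check described in the answer, applied to the `gender` field from the question and followed by a bound-parameter insert. The function name `validate_gender`, the `members` table and the in-memory SQLite database (via PDO) are assumptions made for the demo, and the request bodies are constructed.

```php
<?php
// Added example: allowlist validation for the gender <select>, then a bound-parameter insert.
// Assumptions: table `members`, in-memory SQLite through PDO, hypothetical helper name.

const GENDER_ALLOWED = ['F', 'M'];   // the only real option values the form offers

/** Returns 'F' or 'M', or null when the submitted value is anything else. */
function validate_gender(array $post): ?string
{
    $raw = $post['gender'] ?? null;
    // A client can send gender[]=F, which arrives as an array rather than a string.
    if (!is_string($raw)) {
        return null;
    }
    // Strict comparison: no type juggling, trimming or case folding.
    // Anything not on the list is rejected, so length never needs a separate check.
    return in_array($raw, GENDER_ALLOWED, true) ? $raw : null;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE members (id INTEGER PRIMARY KEY,
            gender TEXT NOT NULL CHECK (gender IN ('F','M')))");
$insert = $pdo->prepare('INSERT INTO members (gender) VALUES (:gender)');

// Constructed request bodies: what the browser sends, and what an edited request can send.
$samples = [
    ['gender' => 'F'],                    // normal selection
    ['gender' => 'null'],                 // the "--- Select Gender ---" placeholder
    ['gender' => "M'"],                   // value that is not in the form
    ['gender' => str_repeat('M', 500)],   // oversized value
    ['gender' => ['F']],                  // array instead of string
    [],                                   // field missing entirely
];

foreach ($samples as $post) {
    $gender = validate_gender($post);
    $label  = substr(json_encode($post), 0, 40);
    if ($gender === null) {
        echo 'rejected: ', $label, PHP_EOL;
        continue;
    }
    // Only an allowlisted constant reaches the query, and it is still bound, not concatenated.
    $insert->execute([':gender' => $gender]);
    echo 'stored:   ', $label, PHP_EOL;
}

echo 'rows in table: ', $pdo->query('SELECT COUNT(*) FROM members')->fetchColumn(), PHP_EOL;
```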