Access Control
Don't forget to validate data not only on type, but also against access control
./my_settings.php?uid=345
Be careful of unexpected inputs
Select account: <select name="view_account">
<option>123456789</option>
<option>987654321</option>
</select>
./?view_account=66666666
Data Indirection
Data is stored server side, and only an indirect index to it is passed to the client
Select account: <select name="view_account">
<option value="1">123456789</option>
<option value="2">987654321</option>
</select>
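An added example (not code from the original page) of the data indirection shown above, in PHP: the index-to-account map is built from the logged-in user's own accounts and kept server side, so a submitted value can only resolve to an account that user may see. The function names, the `ACCOUNTS_BY_USER` sample data and the `$session` array standing in for `$_SESSION` are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: all names here are hypothetical. Constructed sample
// data; a real application would read the accounts from its database.
const ACCOUNTS_BY_USER = [
    345 => ['123456789', '987654321'],
    346 => ['66666666'],
];

// Build the index => account map for the logged-in user and keep it
// server side. Only the small integer keys are ever sent to the browser.
function build_account_map(array &$session, int $userId): array
{
    $map = [];
    foreach (ACCOUNTS_BY_USER[$userId] ?? [] as $i => $account) {
        $map[$i + 1] = $account;
    }
    $session['account_map'] = $map;
    return $map;
}

// Render the <select>; the value attribute carries the index only.
function render_select(array $map): string
{
    $html = 'Select account: <select name="view_account">' . "\n";
    foreach ($map as $index => $account) {
        $html .= sprintf("<option value=\"%d\">%s</option>\n", $index,
            htmlspecialchars($account, ENT_QUOTES, 'UTF-8'));
    }
    return $html . "</select>\n";
}

// Resolve a submitted value back to an account number, or null when the
// value is not an index that was issued to this session.
function resolve_account(array $session, $submitted): ?string
{
    if (!is_string($submitted) || !ctype_digit($submitted)) {
        return null; // wrong type or shape: arrays, negatives, non-digits
    }
    return $session['account_map'][(int) $submitted] ?? null;
}

$session = [];                                   // stands in for $_SESSION
echo render_select(build_account_map($session, 345));
var_dump(resolve_account($session, '2'));        // index issued to user 345
var_dump(resolve_account($session, '66666666')); // tampered value from the URL
var_dump(resolve_account($session, ['2']));      // unexpected type
```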