Validate input from drop down box

Question

I have a drop down box which is pulling data from my database. when a user inputs data , should I still validate the drop down data on the server?

Answer 1

An easy way to validate it is...

<?php

$array = array(1 => 'a', 2 => 'b');

if ($_POST) {

   if ( ! in_array($_POST['choose'], array_keys($array)) {
       echo 'Invalid input';
   }

}

?>

<form action="?" method="post">
    <select name="choose">
    <?php foreach($array as $value => $node): ?>
       <option value="<?php echo $value; ?>"><?php echo $node; ?></option>
    <?php endforeach; ?>
    </select>
</form>

Which you must do, otherwise it may as well be a text input :)

Answer 2

Yes. Always validate any information you are receiving from a client if you are storing, reading or performing some operation based on that data. Someone can always spoof a request not using a browser at all.