Strange form value submitted

Peter B

I have a website which on entering it you must make a choice from a drop down menu and submit it via a form. Your choice along with a random generated ID gets stored in a database via PHP.

I only have 2 choices for this form at present, but had in the past 3 choices. The form values are either 1, 2 or 3. I have not had 3 choices in my form for 1 month+. Now when I look in my database I see someone has chosen choice 3, yesterday even though it is not on the form.

Could this have stored in the persons cache? How would I make sure the actual form values get displayed and not old data?

Gosh

include these in your HTML to prevent cacheing

<meta http-equiv="Expires" content="Fri, Jun 12 1981 08:20:00 GMT">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Cache-Control" content="no-cache">

Malice

Are you validating the returned data from the form before you put it into the database? You could validate it so that a record only gets added to the database if the drop down value was 1 or 2.

If you are using "get" rather than "post" as your form method then someone could enter the query string manually as it gets appended to the url e.g. http://www.yourserver.com/index.php?formValue=3.