quote:
Originally posted by leachy08
!is_int($_POST['vote']
Thought about that too, but PHP documentation says:
quote:
Originally posted by PHP Docs
Note: To test if a variable is a number or a numeric string (such as form input, which is always a string), you must use is_numeric().
and is_numeric() says:
quote:
Originally posted by PHP Docs
Numeric strings consist of optional sign, any number of digits, optional decimal part and optional exponential part.
...So I'm just hard checking for 1,2,3,4 or 5 now. There is probably a prettier solution, but this will do the job.
I reported it to PHP Arena too BTW:
(security) flaw in version 3.5.3 voting code @ paFileDB Forums.
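
Added example (not part of the original post and not paFileDB code): the checks discussed above, compared over constructed form values. The helper name `parse_vote()` and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: compares is_int(), is_numeric() and a strict whitelist
// on values shaped like form input. All sample values are constructed.

// Hypothetical helper: returns the vote as an int 1..5, or null if invalid.
function parse_vote($raw): ?int
{
    // Form input arrives as a string (or as an array if sent as vote[]=...).
    if (!is_string($raw)) {
        return null;
    }
    // Strict (type-safe) comparison against the only five legal values.
    if (!in_array($raw, ['1', '2', '3', '4', '5'], true)) {
        return null;
    }
    return (int) $raw;
}

// Constructed inputs: valid votes, out-of-range numbers, numeric strings
// with a decimal part or exponent, padded/garbage strings, and an array.
$samples = ['3', '5', '0', '6', '-1', '3.5', '1e1', ' 4', '4abc', '', ['3']];

foreach ($samples as $raw) {
    printf(
        "%-8s is_int=%-5s is_numeric=%-5s whitelist=%s\n",
        json_encode($raw),
        var_export(is_int($raw), true),      // false for every string input
        var_export(is_numeric($raw), true),  // true for some non-vote values
        var_export(parse_vote($raw), true)   // int 1..5 or NULL
    );
}
```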