I understand that you should NEVER trust user input from a form, mainly due to the chance of SQL injection.
However, does this also apply to a form where the only input is from a dropdown(s) (see below)?
I'm saving the $_POST['size']
to a Session which is then used throughout the site to query the various databases (with a mysqli
Select query) and any SQL injection would definitely harm (possibly drop) them.
There is no area for typed user input to query the databases, only dropdown(s).
<form action="welcome.php" method="post">
<select name="size">
<option value="All">Select Size</option>
<option value="Large">Large</option>
<option value="Medium">Medium</option>
<option value="Small">Small</option>
</select>
<input type="submit">
</form>