I was working on a site and noticed something that concerned me. This is fodder for TheDailyWTF and makes me worry for the fate of any person who receives the results of forms with [non-]“validation” like this. The form element: <select name="favorite-color"> <option>Favorite Color – Choose One</option> <option value="blue">Blue</option> <option value="red">Red</option> <option value="orange">Orange</option> <option value="green">Green</option> <option value="black">Black</option> </select> Here is what was in the processing script: switch ($_POST["favorite-color"]) { case "blue": case "red": case "orange": case "green": case "black": $data["favorite-color"] = $_POST["favorite-color"]; break; } … //data is appended to a string – matt's comment not a "real" comment in the script $string .= $data['favorite-color']; So… What is wrong with this? OMG what isn’t wrong with it? The select… » Read More