Just a thought...
If you have a database in your back end you could set a table for your
prices and then reference them via their keys in your hidden elements or
your cookies. That way if the would-be bad person were to tinker with your
code it could work out to your advantage by them getting charged a possibly
larger amount :c)
But yes, form values don't come up out of thin air. Either hard code them
in your script (a nightmare to maintain) or use a database, flat file or
something.
Like I said.. just a thought.
HTH
Gonz
At 00:34 04/11/2001, you wrote:
>Purcell, Scott <[EMAIL PROTECTED]> wrote:
>
> > I have some hidden prices that must be hidden in a cgi page. but even if I
> > use the hidden form element people can source them and check out the
> prices.
> > And that would be bad.
> > I though I could set a param, but It doesn't seem to work.
>
>CGI.pm parameters aren't passed by magic. They have to be in
>the form elements or in the URL.
>
>If you have information that you don't want people to see, the
>only thing to do is not to send it to them. You might need
>to rethink your process. Why does the cost have to be in the
>page in the first place?
>
>--
>Keith C. Ivey <[EMAIL PROTECTED]>
>Washington, DC
>_______________________________________________
>Perl-Win32-Web mailing list
>[EMAIL PROTECTED]
>http://listserv.ActiveState.com/mailman/listinfo/perl-win32-web
_______________________________________________
Perl-Win32-Web mailing list
[EMAIL PROTECTED]
http://listserv.ActiveState.com/mailman/listinfo/perl-win32-web
