On 5/6/02 6:30 AM, David vd Geer Inhuur tbv IPlib
[EMAIL PROTECTED] wrote:
Hi,
Hi David,
I am strugling with my program that list the contents of a directory.
Ones the directory contains files and you have permission it shows you a doc
icon
else it will show a directory-map followed by it's name as an a href
The problem I have now is that using the a href command will have to show
all important variables in the browsers Location.
As will a form. If they so wish, users can look at everything that is passed
to your script. They can also feed your script dummy data, so I'd be very
careful about how you allow users to view directories. You cannot rely on
your script's input to be correct -- make sure you validate it completely
inside the script, where nobody can swap values on you.
Of course, you would say.
But is there a nice possibility to keep using the a href statement without
defining the variables in the href, So I can work with the :
use CGI qw(:standard);
$userid = param(userid);
...
And get the variables without all users seeing what I need ?
They can see them no matter what.
David Gray's idea of using check boxes (or, even better, radio buttons) is a
good one. Just remember that by using a POST form, you are only keeping
your URL cleaner -- the values are still there for all to see in the HTML
code of the page.
hth,
--
Michael
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
