pass values to another scipt
Hi! I am using one script to secure the members area and offer several search functions for am mysql database. another script offers the possibility to update data in this database. Botth scripts require the user to ennter name, lastname and password. Now I want to enable the user to get straight to the update function without having to enter name, lastname and password (he already entered one time) again. How can I pass those already collected values on to another script using a link (a href)? Or how can i do that at all? Thanks for your help, Sven -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
pass values to another scipt
Hi All,
I am currently having the same problems as Sven. I tried to get some info on it as
wel, but it seems a difficult one.
I have made a simple example to explain it a little :
HTML-CODE:
---
html
form method=post action=/cgi-bin/david/1.cgi
table
input type=hidden name=hide1 value=secure
input type=hidden name=hide2 value=very secure
trtdplease enter your First name /tdtdinput type=text name=userid/td/tr
trtdPlease enter your Last name /tdtdinput type=password name=pw/td/tr
trtda href=/cgi-bin/david/1.cgiPlease try this one/a/td/tr
trtdinput type=submit/td/tr
/table/form
/html
--
Perl-script:
---
#!/user/cadiclab/bin/perl
use CGI qw(:standard);
$first = param('userid');
$last = param('pw');
$hide1 = param('hide1');
$hide2 = param('hide2');
print header,
start_html(-BGCOLOR=#99),
start_form;
print Hallo userid: $first with password: $last brbr;
print Hidden fields are; brbrField1: $hide1 brField2: $hide2 br;
print end_form,
hr;
--
Ones I hit the submit button the cgi-script does it all for me.
He tells me who I am and he prints the hidden fields.
Ones I hit the a href the params are not read within my cgi-script ?
Not the input type=text and not the input type=hidden.
Is there a way to get this working ?
Any other solutions to a more secure way of solving this are welcome too !
P.S.: I need the links to browse through directory's and do stuff with it.
A submit button instead of a a href does not look very fancy :)
Best Regards,
David van der Geer
Hi!
I am using one script to secure the members area and offer several
search functions for am mysql database. another script offers the
possibility to update data in this database. Botth scripts require the
user to ennter name, lastname and password.
Now I want to enable the user to get straight to the update function
without having to enter name, lastname and password (he already entered
one time) again.
How can I pass those already collected values on to another script using
a link (a href)?
Or how can i do that at all?
Thanks for your help,
Sven
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: pass values to another scipt
Ok, i found out how to pass a few arguments to the other script:
a
href=collectformdata.cgi?action=fetchf_name=$f_namef_surname=$f_surname
Update�/a
The only problem I have left is that the variables are not passed on.
Once I put names in there, it works just fine, but I do need those
variables to work.
if I would get any tips on this I'd really appreciate it
Sven
On Tuesday, May 14, 2002, at 04:36 PM, David vd Geer Inhuur tbv IPlib
wrote:
Hi All,
I am currently having the same problems as Sven. I tried to get some
info on it as
wel, but it seems a difficult one.
I have made a simple example to explain it a little :
HTML-CODE:
---
html
form method=post action=/cgi-bin/david/1.cgi
table
input type=hidden name=hide1 value=secure
input type=hidden name=hide2 value=very secure
trtdplease enter your First name /tdtdinput type=text
name=userid/td/tr
trtdPlease enter your Last name /tdtdinput type=password
name=pw/td/tr
trtda href=/cgi-bin/david/1.cgiPlease try this one/a/td/tr
trtdinput type=submit/td/tr
/table/form
/html
--
Perl-script:
---
#!/user/cadiclab/bin/perl
use CGI qw(:standard);
$first = param('userid');
$last = param('pw');
$hide1 = param('hide1');
$hide2 = param('hide2');
print header,
start_html(-BGCOLOR=#99),
start_form;
print Hallo userid: $first with password: $last brbr;
print Hidden fields are; brbrField1: $hide1 brField2: $hide2
br;
print end_form,
hr;
--
Ones I hit the submit button the cgi-script does it all for me.
He tells me who I am and he prints the hidden fields.
Ones I hit the a href the params are not read within my cgi-script ?
Not the input type=text and not the input type=hidden.
Is there a way to get this working ?
Any other solutions to a more secure way of solving this are welcome
too !
P.S.: I need the links to browse through directory's and do stuff with
it.
A submit button instead of a a href does not look very fancy :)
Best Regards,
David van der Geer
Hi!
I am using one script to secure the members area and offer several
search functions for am mysql database. another script offers the
possibility to update data in this database. Botth scripts require the
user to ennter name, lastname and password.
Now I want to enable the user to get straight to the update function
without having to enter name, lastname and password (he already entered
one time) again.
How can I pass those already collected values on to another script
using
a link (a href)?
Or how can i do that at all?
Thanks for your help,
Sven
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: pass values to another scipt
David vd Geer Inhuur tbv IPlib wrote:
#!/user/cadiclab/bin/perl
use CGI qw(:standard);
$first = param('userid');
$last = param('pw');
$hide1 = param('hide1');
$hide2 = param('hide2');
print header,
start_html(-BGCOLOR=#99),
start_form;
print Hallo userid: $first with password: $last brbr;
print Hidden fields are; brbrField1: $hide1 brField2: $hide2 br;
this is dangerous!
you are taking user input and printing it directly to the browser
without any html escaping!
please read this:
http://www.perl.com/pub/a/2002/02/20/css.html
as for your question - have you tried using .htaccess?
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: pass values to another scipt
Hi Sven,
Sorry, I thought you knew that one.
But how to proceed if you don't want those ugly/insecure params in your location bar ?
Regs David
Ok, i found out how to pass a few arguments to the other script:
a
href=collectformdata.cgi?action=fetchf_name=$f_namef_surname=$f_surname
Update
The only problem I have left is that the variables are not passed on.
Once I put names in there, it works just fine, but I do need those
variables to work.
if I would get any tips on this I'd really appreciate it
Sven
On Tuesday, May 14, 2002, at 04:36 PM, David vd Geer Inhuur tbv IPlib
wrote:
Hi All,
I am currently having the same problems as Sven. I tried to get some
info on it as
wel, but it seems a difficult one.
I have made a simple example to explain it a little :
HTML-CODE:
---
html
form method=post action=/cgi-bin/david/1.cgi
table
input type=hidden name=hide1 value=secure
input type=hidden name=hide2 value=very secure
trtdplease enter your First name /tdtdinput type=text
name=userid/td/tr
trtdPlease enter your Last name /tdtdinput type=password
name=pw/td/tr
trtda href=/cgi-bin/david/1.cgiPlease try this one/a/td/tr
trtdinput type=submit/td/tr
/table/form
/html
--
Perl-script:
---
#!/user/cadiclab/bin/perl
use CGI qw(:standard);
$first = param('userid');
$last = param('pw');
$hide1 = param('hide1');
$hide2 = param('hide2');
print header,
start_html(-BGCOLOR=#99),
start_form;
print Hallo userid: $first with password: $last brbr;
print Hidden fields are; brbrField1: $hide1 brField2: $hide2
br;
print end_form,
hr;
--
Ones I hit the submit button the cgi-script does it all for me.
He tells me who I am and he prints the hidden fields.
Ones I hit the a href the params are not read within my cgi-script ?
Not the input type=text and not the input type=hidden.
Is there a way to get this working ?
Any other solutions to a more secure way of solving this are welcome
too !
P.S.: I need the links to browse through directory's and do stuff with
it.
A submit button instead of a a href does not look very fancy :)
Best Regards,
David van der Geer
Hi!
I am using one script to secure the members area and offer several
search functions for am mysql database. another script offers the
possibility to update data in this database. Botth scripts require the
user to ennter name, lastname and password.
Now I want to enable the user to get straight to the update function
without having to enter name, lastname and password (he already entered
one time) again.
How can I pass those already collected values on to another script
using
a link (a href)?
Or how can i do that at all?
Thanks for your help,
Sven
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: pass values to another scipt
Hi Sven, Sorry, I thought you knew that one. But how to proceed if you don't want those ugly/insecure params in your location bar ? Use a form and an input type=image HTH, -dave -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: pass values to another scipt
Secure?? Have you guys been paying attention to the Matt's Script Archive discussion? You can pass along parameters between pages either in the URL or as hidden fields, but NEITHER IS REALLY SECURE!! The hidden fields only stymie the newbies. :-) Anyone could just save the form to their hard drive, modify the hidden field values there, and submit that version. If the server script thinks it need only check the referer variable to get around this, the hacker can submit their modified page with their own client, setting the referer field to whatever they want. True, it's nicer not seeing them in the URL, but it's not that much more secure. I recommend Chapter 8 of O'Reilly's CGI Programming with Perl for a thorough discussion of CGI security issues. - John --- David vd Geer Inhuur tbv IPlib [EMAIL PROTECTED] wrote: Hi Sven, Sorry, I thought you knew that one. But how to proceed if you don't want those ugly/insecure params in your location bar ? ... snip ... input type=hidden name=hide1 value=secure input type=hidden name=hide2 value=very secure ... snip ... = When you're following an angel, does it mean you have to throw your body off a building? - They Might Be Giants, http://www.tmbg.com Word of the week: Serendipity, see http://www.bartleby.com/61/93/S0279300.html __ Do You Yahoo!? LAUNCH - Your Yahoo! Music Experience http://launch.yahoo.com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
