Hi,
Ok, for example, in my site I send "internal mail" member 'email' other
users, and it is kept in a database.
But what about a user.
copy the form, and a while loop keeping to send e-mail to overload the
database (put too much information),
this is why Yahoo or Hotmail, when you join, they put a
What do you mean by overload?
You should never trust data coming in from a webform. For example, if you
are collecting a phone number and the data is in $phoneNumber..
do something like,
$phoneNumber =~ s/.*(\d{3}-\d{3}-\d{4}).*/$1/;
or
&handleError() if ( $phoneNumber !~ /^(\d{3}-\d{3}-\d{4})$/ );
Hi.
I have an idea: if someone creates an external program to overload my
database, how do I prevent that, if all the fields are correct?
Anthony
I have found CGI::FormBuilder a great way to do the validation for you.
First it ignores anything you didn't specifically ask for. Second, you can
easily validate using regexes. An additional benefit is that this module
provides client side (for legitimate users of your form), and server side
check
> Should I use $ENV{HTTP_REFERER} to check whether a form was sent from my
> site?
> Because I don't want people to download my webpage, put a link to a form,
> and modify some of the forms so it can crash the script (even though I tried
> to protect from that).
Enough error handling in your script
On 6/26/03 at 10:48 AM, [EMAIL PROTECTED] (anthony) wrote:
> Hi,
>
> Should I use $ENV{HTTP_REFERER} to check whether a form was sent from
> my site? Because I don't want people to download my webpage, put a
> link to a form, and modify some of the forms so it can crash the
> script (even though I t
> Sent: Wednesday, July 24, 2002 9:49 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: HTTP_REFERER
> >
> >
> > Thanks. I was setting up some Paypal stuff and want to make
> > sure that the user is
> > actually coming from Paypal (https://www.paypal.com...
Well, there you have it Shao-Ju. Hey, I learned something new today. Cool.
- Original Message -
From: "Bob Showalter" <[EMAIL PROTECTED]>
To: "'Shao-Ju Chao'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, July 24, 2002 7:5
> -Original Message-
> From: Shao-Ju Chao [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 24, 2002 9:49 AM
> To: [EMAIL PROTECTED]
> Subject: Re: HTTP_REFERER
>
>
> Thanks. I was setting up some Paypal stuff and want to make
> sure that the user is
>
> -Original Message-
> From: Shao-Ju Chao [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 24, 2002 9:38 AM
> To: [EMAIL PROTECTED]
> Subject: HTTP_REFERER
>
>
> I was trying to get referer information from
> $ENV{'HTTP_REFERER'} but always got empty
> string. Is this env variable sup
Thanks. I was setting up some Paypal stuff and want to make sure that the user is
actually coming from Paypal (https://www.paypal.com.) and then come to my web page
to activate their account. The "return" link is on Paypal and when they click the link and
return, I checked the HTTP_REFERER and
Referer is only set if you are linked from another site, are you sure
it's being set? And yes, it's supported by Apache (any OS).
On Wed, 2002-07-24 at 09:37, Shao-Ju Chao wrote:
> I was trying to get referer information from $ENV{'HTTP_REFERER'} but always got
> empty string. Is this env variable
Shao-Ju,
Yes, but it does not exist when there was no referer. So, for example, if
somebody just went straight to test.pl, it would not have a referer, but if
somebody went to test.html which had a link to test.pl, then you would have
a referer which would be the URL of test.html
Regards,
Da