Re: dynamic list of form variables

This WebDNA talk-list message is from 2003. It keeps the original formatting.
numero = 50322
interpreted = N
texte = Thanks for the warning. I _think_ I'm on safe ground here (but correct me if I'm wrong) as I would be wrapping the _name_ of some of the form variables in interpret tags, not their values.

Cheers,

Dave Hurley
Biology Department
University of Washington

On Monday, May 12, 2003, at 03:53 PM, Brian Fries wrote:

> Security warning...
>
> You describe the input as incoming form variables - you never want
> to use interpret around any incoming data unless you are absolutely
> positive about the source of the data and the safety of its contents.
> If, for example, one of the formvariables contained the value
> [deletefolder /], then interpreting that would cause WebDNA to
> gleefully execute that tag.
>
> - brian
>
> On Monday, May 12, 2003, at 09:36 AM, Donovan wrote:
>
>> [interpret][[field]-[index]][/interpret]
>>
>> might be what you are looking for??
>> be wary of security using interpret
>>
>> Donovan
>>
>>
>> Dave Hurley wrote:
>>
>>> Is there a way to nest variables in the name of a variable so that,
>>> if the result is the name of a form variable, it is parsed as such?
>>> I have a bunch of incoming form variables, field-1, field-2, field-3
>>> etc., and I would like to loop through them in order to update a
>>> database. When I use [field]-[index] inside a loop context I end up
>>> with the literal 'field-1' instead of the contents of the form
>>> variable named 'field-1'.
>>>
>>> If this makes sense and someone has a solution (arrays?) I'd love to
>>> hear about it.
>>>
>>> Thanks. And thank you to everyone who answered my last question
>>> regarding the updating of database files outside of an admin page -
>>> it makes sense now.
>>>
>>> Dave Hurley
>>> Biology Department
>>> University of Washington
>
> -- Brian Fries, BrainScan Software --
> http://www.brainscansoftware.com --

Associated Messages, from the most recent to the oldest:

    
  1. Re: dynamic list of form variables (Dave Hurley 2003)
  2. Re: dynamic list of form variables (Brian Fries 2003)
  3. Re: dynamic list of form variables (Donovan 2003)
  4. Re: dynamic list of form variables (WebCat @ Inkblot Media 2003)
  5. Re: dynamic list of form variables (Laurent Bache 2003)
  6. dynamic list of form variables (Dave Hurley 2003)
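Added example, not part of the original thread and not WebDNA code: a Python toy model of the distinction the thread turns on, contrasting interpreting a form value, interpreting a constructed variable name, and reading field-1, field-2, ... by plain key lookup. The interpreter, its single-pass behaviour, the sample form data and all function names are assumptions made for illustration; how WebDNA itself evaluates nested results should be checked against its own documentation.

```python
import re

# Constructed sample: incoming form variables, one carrying the hostile value
# from the warning above. Nothing here is WebDNA; it is a toy model.
FORM = {
    "field-1": "Drosophila",
    "field-2": "[deletefolder /]",
    "field-3": "Arabidopsis",
}

executed = []  # tags the toy interpreter would have run (recorded, never run)
TAG = re.compile(r"\[([^\[\]]+)\]")
NAME_OK = re.compile(r"field-[1-9][0-9]{0,2}")


def toy_interpret(text, form):
    """Hypothetical single-pass interpreter: every [tag] in `text` is acted on.

    A tag naming a form variable is replaced by that variable's value; any
    other tag is treated as a command and logged in `executed`.
    """
    def run(match):
        name = match.group(1).strip()
        if name in form:
            return form[name]
        executed.append(name)
        return ""
    return TAG.sub(run, text)


def collect_fields(form, limit=100):
    """Read field-1, field-2, ... by key lookup; values are never parsed."""
    rows = []
    for index in range(1, limit + 1):
        name = f"field-{index}"  # name is built server-side, not taken from input
        if not NAME_OK.fullmatch(name) or name not in form:
            break
        rows.append((name, form[name]))
    return rows


if __name__ == "__main__":
    toy_interpret(FORM["field-2"], FORM)        # interpreting a value
    print("after interpreting a value:", executed)
    executed.clear()
    print("interpreting a name:", toy_interpret("[field-2]", FORM), executed)
    print("plain lookup:", collect_fields(FORM))
```

The lookup returns the hostile value as inert text, so it still has to stay uninterpreted wherever it is later stored or displayed.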
