Re: dynamic list of form variables
This WebDNA talk-list message is from 2003
It keeps the original formatting.
numero = 50322
interpreted = N
texte = Thanks for the warning. I _think_ I'm on safe ground here (but correct me if I'm wrong) as I would be wrapping the _name_ of some of the form variables in interpret tags, not their values.

Cheers,

Dave Hurley
Biology Department
University of Washington

On Monday, May 12, 2003, at 03:53 PM, Brian Fries wrote:

> Security warning...
>
> You describe the input as incoming form variables - you never want
> to use interpret around any incoming data unless you are absolutely
> positive about the source of the data and the safety of its contents.
> If, for example, one of the form variables contained the value
> [deletefolder /], then interpreting that would cause WebDNA to
> gleefully execute that tag.
>
> - brian
>
> On Monday, May 12, 2003, at 09:36 AM, Donovan wrote:
>
>> [interpret][[field]-[index]][/interpret]
>>
>> might be what you are looking for??
>> be wary of security using interpret
>>
>> Donovan
>>
>>
>> Dave Hurley wrote:
>>
>>> Is there a way to nest variables in the name of a variable so that,
>>> if the result is the name of a form variable, it is parsed as such?
>>> I have a bunch of incoming form variables, field-1, field-2, field-3
>>> etc., and I would like to loop through them in order to update a
>>> database. When I use [field]-[index] inside a loop context I end up
>>> with the literal 'field-1' instead of the contents of the form
>>> variable named 'field-1'.
>>>
>>> If this makes sense and someone has a solution (arrays?) I'd love to
>>> hear about it.
>>>
>>> Thanks. And thank you to everyone who answered my last question
>>> regarding the updating of database files outside of an admin page -
>>> it makes sense now.
>>>
>>> Dave Hurley
>>> Biology Department
>>> University of Washington
>>>
>
> -- Brian Fries, BrainScan Software --
> http://www.brainscansoftware.com --
>
>
> -------------------------------------------------------------
> This message is sent to you because you are subscribed to
> the mailing list .
> To unsubscribe, E-mail to:
> To switch to the DIGEST mode, E-mail to
>
> Web Archive of this list is at: http://webdna.smithmicro.com/

-------------------------------------------------------------
This message is sent to you because you are subscribed to
the mailing list .
To unsubscribe, E-mail to:
To switch to the DIGEST mode, E-mail to
Web Archive of this list is at: http://webdna.smithmicro.com/
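
Added example, not part of the thread and not WebDNA code: a toy single-pass bracket-tag evaluator in Python that contrasts evaluating a server-built tag *name* with evaluating a submitted *value*, next to a plain keyed lookup that evaluates nothing. The evaluator, the function names and the sample form are constructed for illustration; how a real WebDNA `[interpret]` treats substituted text is an assumption here and is not modelled.

```python
import re

# Toy grammar (assumption): an innermost [tag] with no brackets inside it.
INNERMOST_TAG = re.compile(r"\[([^\[\]]+)\]")

def one_pass(text, form, executed):
    """Evaluate each innermost [tag] exactly once. A form-variable name
    yields its value as literal text; any other tag is recorded in
    `executed` as a stand-in for a command tag with side effects."""
    def evaluate(match):
        tag = match.group(1).strip()
        if tag in form:
            return form[tag]      # inserted as data, not re-scanned
        executed.append(tag)
        return ""
    return INNERMOST_TAG.sub(evaluate, text)

def interpret_name(prefix, index, form, executed):
    """Build the tag name from server-side parts, then evaluate it once."""
    if not isinstance(index, int):
        # A request-supplied index would let the sender choose the tag text.
        raise ValueError("index must be a server-side integer")
    return one_pass(f"[{prefix}-{index}]", form, executed)

def interpret_value(name, form, executed):
    """The case the security warning describes: the submitted value
    itself is handed to the evaluator."""
    return one_pass(form[name], form, executed)

def lookup_fields(form, prefix="field", limit=100):
    """No evaluation at all: read field-1, field-2, ... by exact key."""
    values = []
    for index in range(1, limit + 1):
        key = f"{prefix}-{index}"
        if key not in form:
            break
        values.append(form[key])
    return values

# Constructed form submission; field-2 carries tag text as its value.
FORM = {"field-1": "Aplysia", "field-2": "[deletefolder /]", "field-3": "42"}

def demo():
    by_name, by_value = [], []
    shown = [interpret_name("field", i, FORM, by_name) for i in (1, 2, 3)]
    interpret_value("field-2", FORM, by_value)
    return shown, by_name, by_value, lookup_fields(FORM)
```

In this model the name-only path is safe only because substituted values are never scanned again; whether the engine in use behaves that way has to be checked on that engine, and the keyed lookup avoids the question.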