Re: [URL] around a [sendmail] recipient?

This WebDNA talk-list message is from

2000


It keeps the original formatting.
numero = 27991
interpreted = N
>So then I guess this implies that an email address can never contain an & char?

I don't think & is acceptable in an email address, but I have not read the requirements so I don't know for sure.

>And while we're on this topic, I want to ask more questions to understand more deeply... I have a db that stores user input account data. I give them the chance to 'login'. On the next page I search the db using their name and passwerd (which they just input)-
>
>[Search db=some.db&eqAccountNumdatarq=[AccountNum]&eqPasswerddatarq=[URL][Passwerd][/URL]&max=1]
>
>so here's a case of where you would say I DO NOT need to [URL]ize the passwerd since it is coming out of the db (rather than going in)??

No, because the [passwerd] value is not coming out of the database in a search, it is coming from the form on the previous page, so you *should* [url] the [passwerd] tag in this situation! Just remember to [url] any [value] tag in a search, append, replace or delete context when you don't know for sure what its value is. Many other contexts are different so they do not (and sometimes should not) be [url]ed.

>But what if I haven't taken steps to prevent the user from using an & in his passwerd? If there was a & in there, wouldn't that break the search?

Only if you don't [url] the [passwerd] tag, so use it -- this is a search not a sendmail context -- and you'll be fine.

>And if after logging in, I gave him the chance to do a different search on the db (via form; TYPE=hidden NAME=command VALUE=search>, etc.) and on the next results page I have a [shownext] with a
>hypertext link inside which uses-
>?command=search&[searchstring]...
>and passwerd is in the [searchstring] because I passed it along with the other hidden inputs when the user
>submit his form-based search, then aren't I asking for problems if I have allowed illegal URL chars in
>passwerd?
>Assuming I need to allow non-URL chars there, then wouldn't I need to wrap [searchstring] with [URL]?

I would stop using commands if I were you, it simplifies things and makes everything more secure if you *ALWAYS* use contexts. There are things you simply cannot do without using a context -- such as [url]ing a form value when that form is doing a command-based search for example, so just make a habit of always using contexts and life will be a lot easier for you ... :)

================================
Kenneth Grome, WebDNA Consultant
808-737-6499
http://webdna.net
================================

Associated Messages, from the most recent to the oldest:

    
  1. Re: [URL] around a [sendmail] recipient? - SEARCHING: command vs. context (Kenneth Grome 2000)
  2. Re: [URL] around a [sendmail] recipient? - SEARCHING: command vs. context (John Butler 2000)
  3. Re: [URL] around a [sendmail] recipient? (Kenneth Grome 2000)
  4. Re: [URL] around a [sendmail] recipient? (John Butler 2000)
  5. Re: [URL] around a [sendmail] recipient? (John Butler 2000)
  6. Re: [URL] around a [sendmail] recipient? (Kenneth Grome 2000)
  7. Re: [URL] around a [sendmail] recipient? (Kenneth Grome 2000)
  8. [URL] around a [sendmail] recipient? (John Butler 2000)
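
An added illustration (not part of the original message, and not WebDNA code): a Python model of a `&`-delimited parameter string, showing why the reply says to [url] the form-supplied [passwerd] in a search context. The toy parser, the function names and the sample password are assumptions made for this example; WebDNA's own parsing is not reproduced here.

```python
from urllib.parse import quote, unquote

# Parameter names taken from the [Search] context quoted in the message.
EXPECTED = ("db", "eqAccountNumdatarq", "eqPasswerddatarq", "max")

def build_search(account, password, encode):
    """Fill the quoted search template, with or without [url]-style encoding."""
    enc = (lambda v: quote(v, safe="")) if encode else (lambda v: v)
    return ("db=some.db&eqAccountNumdatarq=" + enc(account)
            + "&eqPasswerddatarq=" + enc(password) + "&max=1")

def parse_params(param_string):
    """Toy parser (assumption): split on '&', then on the first '=', then decode."""
    params = []
    for pair in param_string.split("&"):
        name, _, value = pair.partition("=")
        params.append((unquote(name), unquote(value)))
    return params

def stray_params(param_string):
    """Return parameters the template never intended (unknown or repeated names)."""
    seen, stray = set(), []
    for name, value in parse_params(param_string):
        if name not in EXPECTED or name in seen:
            stray.append((name, value))
        seen.add(name)
    return stray

# Constructed sample input: a password that contains '&' and '='.
PASSWORD = "tom&jerry=1"

raw = build_search("1001", PASSWORD, encode=False)
safe = build_search("1001", PASSWORD, encode=True)

if __name__ == "__main__":
    for label, s in (("unencoded", raw), ("encoded", safe)):
        print(label, "->", s)
        print("  password seen by search:", dict(parse_params(s))["eqPasswerddatarq"])
        print("  stray parameters:", stray_params(s))
```

Without encoding, the value compared against the database is cut off at the `&` and the remainder is read as a separate parameter; with encoding, the full password arrives as one value.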
