Re: [URL] around a [sendmail] recipient?

This WebDNA talk-list message is from

2000


It keeps the original formatting.
numero = 27991
interpreted = N
texte = >So then I guess this implies that an email address can never contain an & char?I don't think & is acceptable in an email address, but I have not read the requirements so I don't know for sure. >And while we're on this topic, I want to ask more questions to understand more deeply... I have a db that stores user input account data. I give them the chance to 'login'. On the next page I search the db using their name and passwerd (which they just input)- > >[Search db=some.db&eqAccountNumdatarq=[AccountNum]&eqPasswerddatarq=[URL][Passwerd][/URL]&max=1] > >so here's a case of where you would say I DO NOT need to [URL]ize the passwerd since it is coming out of the db (rather than going in)??No because the [passwerd] value is not coming out of the database in a search, it is coming from the form on the previous page, so you *should* [url] the [passwerd] tag in this situation! Just remember to [url] any [value] tag in a search, append, replace or delete context when you don't know for sure what its value is. Many other contexts are different so they do not (and sometimes should not) be [url]ed. >But what if I haven't taken steps to prevent the user from using an & in his passwerd? If there was a & in there, wouldn't that break the search?Only if you don't [url] the [passwerd] tag, so use it -- this is a search not a sendmail context -- and you'll be fine. >And if after logging in, I gave him the chance to do a different search on the db (via form; TYPE=hidden NAME=command VALUE=search>, etc.) and on the next results page I have a [shownext] with a >hypertext link inside which uses- >?command=search&[searchstring]... >and passwerd is in the [searchstring] because I passed it along with the other hidden inputs when the user >submit his form-based search, then aren't I asking for problems if I have allowed illegal URL chars in >passwerd? Assuming I need to allow non-URL chars there, then wouldn't I need to wrap [searchstring] with [URL]?I would stop using commands if I were you, it simplifies things and makes everything more secure if you *ALWAYS* use contexts. There are things you simply cannot do witout using a context -- such as [url]ing a form value when that form is doing a command-based search for example, so just make a habit of always using contexts and life will be a lot easier for you ... :)================================ Kenneth Grome, WebDNA Consultant 808-737-6499 http://webdna.net ================================------------------------------------------------------------- Brought to you by CommuniGate Pro - The Buzz Word Compliant Messaging Server. To end your Mail problems go to .This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Associated Messages, from the most recent to the oldest:

    
  1. Re: [URL] around a [sendmail] recipient? - SEARCHING: command vs. context (Kenneth Grome 2000)
  2. Re: [URL] around a [sendmail] recipient? - SEARCHING: command vs. context (John Butler 2000)
  3. Re: [URL] around a [sendmail] recipient? (Kenneth Grome 2000)
  4. Re: [URL] around a [sendmail] recipient? (John Butler 2000)
  5. Re: [URL] around a [sendmail] recipient? (John Butler 2000)
  6. Re: [URL] around a [sendmail] recipient? (Kenneth Grome 2000)
  7. Re: [URL] around a [sendmail] recipient? (Kenneth Grome 2000)
  8. [URL] around a [sendmail] recipient? (John Butler 2000)
>So then I guess this implies that an email address can never contain an & char?I don't think & is acceptable in an email address, but I have not read the requirements so I don't know for sure. >And while we're on this topic, I want to ask more questions to understand more deeply... I have a db that stores user input account data. I give them the chance to 'login'. On the next page I search the db using their name and passwerd (which they just input)- > >[Search db=some.db&eqAccountNumdatarq=[AccountNum]&eqPasswerddatarq=[url][Passwerd][/URL]&max=1] > >so here's a case of where you would say I DO NOT need to [url]ize the passwerd since it is coming out of the db (rather than going in)??No because the [passwerd] value is not coming out of the database in a search, it is coming from the form on the previous page, so you *should* [url] the [passwerd] tag in this situation! Just remember to [url] any [value] tag in a search, append, replace or delete context when you don't know for sure what its value is. Many other contexts are different so they do not (and sometimes should not) be [url]ed. >But what if I haven't taken steps to prevent the user from using an & in his passwerd? If there was a & in there, wouldn't that break the search?Only if you don't [url] the [passwerd] tag, so use it -- this is a search not a sendmail context -- and you'll be fine. >And if after logging in, I gave him the chance to do a different search on the db (via form; TYPE=hidden NAME=command VALUE=search>, etc.) and on the next results page I have a [shownext] with a >hypertext link inside which uses- >?command=search&[searchstring]... >and passwerd is in the [searchstring] because I passed it along with the other hidden inputs when the user >submit his form-based search, then aren't I asking for problems if I have allowed illegal URL chars in >passwerd? Assuming I need to allow non-URL chars there, then wouldn't I need to wrap [searchstring] with [url]?I would stop using commands if I were you, it simplifies things and makes everything more secure if you *ALWAYS* use contexts. There are things you simply cannot do witout using a context -- such as [url]ing a form value when that form is doing a command-based search for example, so just make a habit of always using contexts and life will be a lot easier for you ... :)================================ Kenneth Grome, WebDNA Consultant 808-737-6499 http://webdna.net ================================------------------------------------------------------------- Brought to you by CommuniGate Pro - The Buzz Word Compliant Messaging Server. To end your Mail problems go to .This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Kenneth Grome

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

inconsistent webcat calculation? (1997) [isfile] ? (1997) 2nd WebCatalog2 Feature Request (1996) #uck you (1998) GD Scumbucket Spammer (2004) Calculating Age from DB fields (2003) WebCat, The Trend, & Consolidating... (1997) WebCat2b13MacPlugIn - [showif][search][/showif] (1997) Template Encryption (1998) weird happenings (1997) [BULK] [WebDNA] port from mime headers? (2017) WebTen? (1997) update on include (1997) rotating thumbnails (1997) covertchars db to keep CR's, but not new ones (2002) WebCat2 - Getting to the browser's username/password data (1997) two unique banners on one page (1997) Ads.db (1997) PCS Frames (1997) Still search problems! (1999)