Re: [URL] around a [sendmail] recipient?

This WebDNA talk-list message is from

2000


It keeps the original formatting.
numero = 27991
interpreted = N
texte = >So then I guess this implies that an email address can never contain an & char?I don't think & is acceptable in an email address, but I have not read the requirements so I don't know for sure. >And while we're on this topic, I want to ask more questions to understand more deeply... I have a db that stores user input account data. I give them the chance to 'login'. On the next page I search the db using their name and passwerd (which they just input)- > >[Search db=some.db&eqAccountNumdatarq=[AccountNum]&eqPasswerddatarq=[URL][Passwerd][/URL]&max=1] > >so here's a case of where you would say I DO NOT need to [URL]ize the passwerd since it is coming out of the db (rather than going in)??No because the [passwerd] value is not coming out of the database in a search, it is coming from the form on the previous page, so you *should* [url] the [passwerd] tag in this situation! Just remember to [url] any [value] tag in a search, append, replace or delete context when you don't know for sure what its value is. Many other contexts are different so they do not (and sometimes should not) be [url]ed. >But what if I haven't taken steps to prevent the user from using an & in his passwerd? If there was a & in there, wouldn't that break the search?Only if you don't [url] the [passwerd] tag, so use it -- this is a search not a sendmail context -- and you'll be fine. >And if after logging in, I gave him the chance to do a different search on the db (via form; TYPE=hidden NAME=command VALUE=search>, etc.) and on the next results page I have a [shownext] with a >hypertext link inside which uses- >?command=search&[searchstring]... >and passwerd is in the [searchstring] because I passed it along with the other hidden inputs when the user >submit his form-based search, then aren't I asking for problems if I have allowed illegal URL chars in >passwerd? Assuming I need to allow non-URL chars there, then wouldn't I need to wrap [searchstring] with [URL]?I would stop using commands if I were you, it simplifies things and makes everything more secure if you *ALWAYS* use contexts. There are things you simply cannot do witout using a context -- such as [url]ing a form value when that form is doing a command-based search for example, so just make a habit of always using contexts and life will be a lot easier for you ... :)================================ Kenneth Grome, WebDNA Consultant 808-737-6499 http://webdna.net ================================------------------------------------------------------------- Brought to you by CommuniGate Pro - The Buzz Word Compliant Messaging Server. To end your Mail problems go to .This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Associated Messages, from the most recent to the oldest:

    
  1. Re: [URL] around a [sendmail] recipient? - SEARCHING: command vs. context (Kenneth Grome 2000)
  2. Re: [URL] around a [sendmail] recipient? - SEARCHING: command vs. context (John Butler 2000)
  3. Re: [URL] around a [sendmail] recipient? (Kenneth Grome 2000)
  4. Re: [URL] around a [sendmail] recipient? (John Butler 2000)
  5. Re: [URL] around a [sendmail] recipient? (John Butler 2000)
  6. Re: [URL] around a [sendmail] recipient? (Kenneth Grome 2000)
  7. Re: [URL] around a [sendmail] recipient? (Kenneth Grome 2000)
  8. [URL] around a [sendmail] recipient? (John Butler 2000)
>So then I guess this implies that an email address can never contain an & char?I don't think & is acceptable in an email address, but I have not read the requirements so I don't know for sure. >And while we're on this topic, I want to ask more questions to understand more deeply... I have a db that stores user input account data. I give them the chance to 'login'. On the next page I search the db using their name and passwerd (which they just input)- > >[Search db=some.db&eqAccountNumdatarq=[AccountNum]&eqPasswerddatarq=[url][Passwerd][/URL]&max=1] > >so here's a case of where you would say I DO NOT need to [url]ize the passwerd since it is coming out of the db (rather than going in)??No because the [passwerd] value is not coming out of the database in a search, it is coming from the form on the previous page, so you *should* [url] the [passwerd] tag in this situation! Just remember to [url] any [value] tag in a search, append, replace or delete context when you don't know for sure what its value is. Many other contexts are different so they do not (and sometimes should not) be [url]ed. >But what if I haven't taken steps to prevent the user from using an & in his passwerd? If there was a & in there, wouldn't that break the search?Only if you don't [url] the [passwerd] tag, so use it -- this is a search not a sendmail context -- and you'll be fine. >And if after logging in, I gave him the chance to do a different search on the db (via form; TYPE=hidden NAME=command VALUE=search>, etc.) and on the next results page I have a [shownext] with a >hypertext link inside which uses- >?command=search&[searchstring]... >and passwerd is in the [searchstring] because I passed it along with the other hidden inputs when the user >submit his form-based search, then aren't I asking for problems if I have allowed illegal URL chars in >passwerd? Assuming I need to allow non-URL chars there, then wouldn't I need to wrap [searchstring] with [url]?I would stop using commands if I were you, it simplifies things and makes everything more secure if you *ALWAYS* use contexts. There are things you simply cannot do witout using a context -- such as [url]ing a form value when that form is doing a command-based search for example, so just make a habit of always using contexts and life will be a lot easier for you ... :)================================ Kenneth Grome, WebDNA Consultant 808-737-6499 http://webdna.net ================================------------------------------------------------------------- Brought to you by CommuniGate Pro - The Buzz Word Compliant Messaging Server. To end your Mail problems go to .This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Kenneth Grome

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Browser Reloads and AddlineItem (1997) DataBaseHelper Flawed (1997) Authenticate and IIS (1997) IIS4/WebCat3.0 Authentication (1999) Big Databases (1997) Character limit in [Search]? (1998) Banner DNA (1997) Dates (1996) Bug Report, maybe (1997) CGI Request Time Out (1997) How bad an idea is it to put cart=[cart] on all links? (2000) foreign languages, email, webcat (1998) How do you hide [math]stuff[/math] (1997) Re:HELP - NONE STOP DIGESTS. Digest for 4/24/97) (1997) OK, here goes... (1997) webcat- multiple selection in input field (1997) [encrypt] blues.... (2000) if/then/else in founditems (2001) Protect vs Authenicate (1997) Ampersand (1997)