Re: Shhh, very quiet.

This WebDNA talk-list message is from 2006.

I've always done form field checking on a field-by-field basis, based on what the client wants and is willing to pay for. Is this what you mean ... checking field data after the visitor submits the form to ensure that they appear to have valid data in them?

Sincerely,
Kenneth Grome
owner@kengrome.com
kengrome@gmail.com
www.kengrome.com

On Fri, 21 Apr 2006 10:27:46 -0400, devaulw@onebox.com wrote:
> Ken,
>
> How do you guard against a formhack so someone cannot insert
> arbitrary data into a record?
>
> Bill
>
>
> -----Original Message-----
> From: Kenneth Grome
> Sent: Fri, 21 Apr 2006 10:45:50 +0800
> To: "WebDNA Talk"
> Subject: Re: Shhh, very quiet.
>
> Hi Donovan,
>
> I used to do this a long time ago too, but then I found an easier way
> ... or at least it's easier for me.
>
> When it's time for a visitor to add a new record to a database, I use
> an append context at the top of my append page -- to create a new
> blank record. Then I do a search for that new blank record further
> on down the page, and my form [include] tag goes inside the
> [founditems] context of that search.
>
> In other words, my forms are always used to replace -- never to
> append -- and now I no longer have to try to make a single form work
> properly in both append and replace contexts ... which is basically
> what your code does, and what mine used to do before I came up with
> this new technique.
>
> The new "blank" record I create in my append context is not
> completely blank of course. I pre-set two values in these newly
> created records. One is the uniqueID value (created by the [cart]
> tag) and the other is the current [date] which goes into the
> createDate field.
>
> For those of you who anticipate that my technique of appending new
> blank records might fill the db with lots of blank records, one for
> each person who clicks the "create a new record" link but never
> submits the form, I have a simple solution that looks like this:
>
> [delete db=xxx.db
> &eqeditDatedatarq=[blank]
> &lecreateDatedatarq=[math date]{[date]}-{00/02/0000}[/math]
> &createDatetype=date]
>
> This delete tag (without the line breaks of course) goes at the top
> of the append page and/or at the top of the replace page. It
> automatically deletes all records in the db that have a blank
> editDate field *and* a createDate value that's two days ago or
> earlier. I use two days instead of one as the cutoff for
> auto-deletion because it's possible that someone will click the link
> to register just before midnight (server time) but not submit the
> form until after midnight. So by waiting for two days instead of
> one, I always give the visitor 24-48 hours to complete the form
> before I auto-delete the blank forms.
>
> Not to diminish the value of your new discovery Donovan, because
> that's the first method I developed years ago when [text] variables
> first became available, and it's still a very good one. But after
> dealing with the hassles that method creates for far too long, I
> finally sat down and developed my new method -- which as it turns out
> is a whole lot faster and easier.
>
> At least it is for me ... :)
>
> Sincerely,
> Kenneth Grome
>
> owner@kengrome.com
> kengrome@gmail.com
> www.kengrome.com
>
>
> On Thu, 20 Apr 2006 11:23:39 -0500, Donovan Brooke wrote:
>> Hello,
>>
>> It's been purty quiet lately so I thought I'd post something.
>>
>> Now some/many? of you probably do this already.. so this is for people
>> who haven't tried this yet.
>>
>> When interacting with a database, there is almost always
>> an ADD, EDIT and DELETE system to build right? Concentrating
>> on just the ADD and EDIT...
>> I used to create two lengthy
>> forms. The edit form auto-filled in the form, the
>> add form didn't.
>>
>> For quite some time now, I've been using only one form combined
>> with an append=T in a replace.
>>
>> Here is how it works:
>>
>> 1.) If you are adding, just link to the page.
>> 2.) If you are editing, link to the page with the ID of the record
>> to be edited using "theID".
>>
>> ** this assumes that a database will have a unique fieldname (in this
>> case "ID") **
>>
>>
>> 3.) Put this code in the top of the page:
>> [if ("[raw][theID][/raw]"="[theID]") | ("[raw][theID][/raw]"="")]
>> [then]
>> [ListFields db=thedb.db][text][fieldname]=[/text][/listfields]
>> [/then]
>> [else]
>> [search db=thedb.db&eqIDdatarq=[theID]]
>> [founditems]
>> [ListFields db=thedb.db][text][fieldname]=[interpret][[fieldname]][/interpret][/text][/listfields]
>> [/founditems]
>> [/search]
>> [/else]
>> [/if]
>>
>>
>> 4.) This is your add or edit form (I like to have it in an .inc file)
>>
>>
>> ETC.
>>
>>
>> 5.) Put your edit code at the top of the page even above the "IF
>> Then else".
>>
>> [showif [url][action][/url]=addedit]
>> [showif |[raw][theID][/raw]|^|[theID]|]
>> [!]
>> **globalid.db is a database with only one field name called "ID"
>> **It is the best way I've found to assign a unique ID safely to
>> allow growth.
>> [/!]
>> [exclusivelock db=globalid.db]
>> [append db=globalID.db&autonumber=ID][/append]
>> [/exclusivelock]
>> [/showif]
>>
>> [exclusivelock db=thedb.db]
>> [replace db=thedb.db&eqIDdatarq=[theID]&append=T][!]
>> [/!]ID=[lastautonumber]&[!]
>> [/!][formvariables name=__&exact=F][!]
>> [/!][getchars start=3][name][/getchars]=[url][value][/url]&[!]
>> [/!][/formvariables][!]
>> [/!][/replace]
>> [/exclusivelock]
>>
>> [commitdatabase db=thedb.db]
>> [/showif]
>>
>>
>> 6.) I wrote this quickly and spontaneously for this email so there
>> could very well be syntax and spelling problems!
>>
>>
>> This will save you much time in only having to edit one
>> form when there are changes to a database... not only that,
>> but you don't have to edit the replace and search contexts!
>>
>> Cheers,
>> Donovan
>>
>> --
>> =o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o
>> DONOVAN D. BROOKE EUCA Design Center
>>
>> <- Web Development (specializing in eCommerce),->
>> <- Custom Paint, Labels, and Specialty Signage. ->
>> <- Home and Business Embellishment/Fabrication, ->
>> <- Glass Blowing, and Art Glass ->
>>
>> PH/FAX:> 1 (608) 835-2476
>> Web:> http://www.egg.bz | http://www.euca.us
>> =o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o
>>
>> -------------------------------------------------------------
>> This message is sent to you because you are subscribed to
>> the mailing list .
>> To unsubscribe, E-mail to:
>> To switch to the DIGEST mode, E-mail to
>>
>> Web Archive of this list is at: http://webdna.smithmicro.com/
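Bill's question ("how do you guard against a formhack") is the security point of this thread: Donovan's `[formvariables name=__&exact=F]` loop writes every `__`-prefixed form variable into the record, so the client, not the page, decides which fields change. Ken's answer is per-field checking. The following is an added example, not code from the thread or from WebDNA; it uses a Python in-memory stand-in for `thedb.db` so that both behaviours can be run side by side. It also implements Ken's blank-record flow (ID and createDate pre-set on append, then a purge of records with a blank editDate and a createDate two or more days old). The field names `name`, `email`, `notes` and `isAdmin`, the validators, and the sample form submission are all constructed for the example; only `ID`, `createDate`, `editDate` and the `__` prefix come from the thread.

```python
from datetime import date, timedelta
import itertools

# Constructed stand-in for the thread's "thedb.db": rows are dicts keyed by
# field name. ID, createDate and editDate follow the thread; name, email,
# notes and isAdmin are assumed data fields invented for this example.
# The allowlist below is the server-side answer to "which fields may a form
# change": anything not listed here is never written from form input.
EDITABLE_FIELDS = {
    "name":  lambda v: 0 < len(v) <= 80,
    "email": lambda v: "@" in v and len(v) <= 254,
    "notes": lambda v: len(v) <= 2000,
}


class Db:
    def __init__(self):
        self.rows = []
        self._ids = itertools.count(1)   # stands in for [append ... &autonumber=ID]

    def append_blank(self, today):
        """Ken's 'blank' record: only ID and createDate are pre-set."""
        row = {"ID": next(self._ids), "createDate": today, "editDate": None,
               "name": "", "email": "", "notes": "", "isAdmin": "0"}
        self.rows.append(row)
        return row["ID"]

    def find(self, rec_id):
        return next((r for r in self.rows if r["ID"] == rec_id), None)

    def purge_abandoned(self, today):
        """Ken's [delete] tag: remove rows whose editDate is still blank and
        whose createDate is two or more days old. Returns the number removed.
        A record created at 23:59 therefore survives all of the next day,
        which is the midnight case Ken describes."""
        cutoff = today - timedelta(days=2)
        keep = [r for r in self.rows
                if not (r["editDate"] is None and r["createDate"] <= cutoff)]
        removed = len(self.rows) - len(keep)
        self.rows = keep
        return removed


def unsafe_replace(db, rec_id, form, today):
    """Mirrors the quoted [formvariables name=__] loop: every form variable
    whose name starts with '__' is written to the field of the same name,
    so the client decides which columns change (mass assignment)."""
    row = db.find(rec_id)
    for key, value in form.items():
        if key.startswith("__"):
            row[key[2:]] = value
    row["editDate"] = today
    return row


def safe_replace(db, rec_id, form, today):
    """Same loop with a server-side allowlist: a field is written only if it
    is in EDITABLE_FIELDS and its validator accepts the value. Returns the
    row and the list of rejected field names, which is worth logging."""
    row = db.find(rec_id)
    if row is None:
        raise KeyError(f"no record with ID {rec_id}")
    rejected = []
    for key, value in form.items():
        if not key.startswith("__"):
            continue                      # e.g. 'action' is not a data field
        field = key[2:]
        check = EDITABLE_FIELDS.get(field)
        if check is None or not check(value):
            rejected.append(field)
            continue
        row[field] = value
    row["editDate"] = today
    return row, rejected


# Constructed form submission: two fields the form offers, plus two that the
# form never offered but that any client can add to the POST body.
SAMPLE_FORM = {
    "action": "addedit",
    "__name": "Alice Example",
    "__email": "alice@example.com",
    "__isAdmin": "1",
    "__ID": "999",
}

if __name__ == "__main__":
    today = date(2006, 4, 21)
    db = Db()
    rid = db.append_blank(today)
    print(unsafe_replace(db, rid, SAMPLE_FORM, today))   # isAdmin and ID now client-chosen
    db = Db()
    rid = db.append_blank(today)
    print(safe_replace(db, rid, SAMPLE_FORM, today))     # rejected: ['isAdmin', 'ID']
```

The allowlist is the important part: with it, the `__` naming convention is only a routing hint, and the record's key and privilege fields cannot be touched from a form at all. The purge keeps Ken's two-day rule literally (createDate on or before today minus two days), so a blank record created on the 19th is removed on the 21st while one created on the 20th is not.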