On 5/6/02 6:30 AM, David vd Geer Inhuur tbv IPlib
<[EMAIL PROTECTED]> wrote:
> Hi,
Hi David,
> I am strugling with my program that list the contents of a directory.
> Ones the directory contains files and you have permission it shows you a doc
> icon
> else it will show a directory-map followed by it's name as an "<a href>"
>
> The problem I have now is that using the <a href> command will have to show
> all important variables in the browsers Location.
As will a form. If they so wish, users can look at everything that is passed
to your script. They can also feed your script dummy data, so I'd be very
careful about how you allow users to view directories. You cannot rely on
your script's input to be correct -- make sure you validate it completely
inside the script, where nobody can swap values on you.
> Of course, you would say.
> But is there a nice possibility to keep using the <a href> statement without
> defining the variables in the href, So I can work with the :
>
> use CGI qw(:standard);
> $userid = param("userid");
> ...
> ....
>
> And get the variables without all users seeing what I need ?
They can see them no matter what.
David Gray's idea of using check boxes (or, even better, radio buttons) is a
good one. Just remember that by using a "POST" form, you are only keeping
your URL cleaner -- the values are still there for all to see in the HTML
code of the page.
hth,
--
Michael
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
