You realize that "hidden" fields are not hidden, right? You just have to
view the source of the page in which they are embedded and you now know the
username and password, and that with every round-trip to the server, this
information is sent in plain-text (unless you are using SSL)? I would read
up on using sessions to store these types of sensitive information.
As for why you can login with empty username and password, is it possible
that your mysql allows that from localhost? You may want to check on that.
Sean
On 3/9/06 11:41 AM, "Mary Anderson" <[EMAIL PROTECTED]> wrote:
>
> Hi all,
> I have a login screen login.pl which calls another application
> sampleEntry.pl. The login and password are passed to a multipage Sample
> Entry program as CGI parameters
>
> sampleEntry.pl?login=mylogin&password=mypassword.
>
> These two parameters are used in one of the pages to login to a MySQL
> database, and are passed back to sampleEntry.pl when that program is
> reloaded to create a new record.
>
> Hidden, which I am trying to use to pass these two parameters around, is
> a complete mystery!
>
> My previously reported performance degradation apparently came from
> misusing hidden. In those days, there was just one application. Once I
> learned I could use it to pass parameters to fields which appeared on one
> page and not the other, I used it liberally throughout the program. It
> appeared to have some very strange effects -- namely doubling the number of
> fields each time it was used on a page on which the fields appeared! This
> wrecked havoc with my performance.
>
> Now, however, it is a complete mystery. I call sampleEntry with the
> login and password, and work my way through the application until I get to
> the page which connects with the database. At that point, it connects even
> though I do
>
> my $login = param(-name=>'Login');
> my $password = param(-name=>'Password');
> print "login = $login",
> hr;
> print "password = $password",
> hr;
>
> $DBH = DBI->connect("dbi:mysql:meadowRue:localhost", "$login", "$password");
>
>
> just before doing the database connect.
>
> Output; login =
> password =
>
> But the database connects!!!!
>
> Then, when I try to pass the value of login back to sampleEntry, which is
> being reloaded to start a new record, the value of $login is seen to in
> fact be null.
>
> How should I be passing these parameters? SampleEntry has multiple pages
> but no explicit Login or Password textfields.
>
> Thanks
>
>
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>
