On Mon, Nov 30, 2009 at 2:17 PM, Lie Ryan <lie.1...@gmail.com> wrote: > On 12/1/2009 5:00 AM, inhahe wrote: >> >> On Mon, Nov 30, 2009 at 12:58 PM, inhahe<inh...@gmail.com> wrote: >>> >>> On Mon, Nov 30, 2009 at 12:49 PM, Victor Subervi >>> <victorsube...@gmail.com> wrote: >>>> >>>> >>>> If I'm not mistaken, that won't help me actually print to screen the >>>> user's >>>> choices as he selects them, which in my application, is important. >>>> Please >>>> advise. > > That's where Javascript kicks in. You only need to use the javascript to > modify your document (visual effect); you won't need it to submit to the > server (the real action). >
Oh yes, good point - even though (if he were still going to go the JavaScript route) he'd modify the textarea using javascript, a regular submit button could be used because it'll submit the current contents of that textarea all the same. >> >> also don't forget to sanitize the data you receive before committing >> it to the database, or someone can hack the javascript and send an SQL >> injection attack > > Or a XSS attack (Cross-site scripting). Basically, you want to check whether > the string received by the server matches your own predefined list of colors > before storing to the database. > -- > http://mail.python.org/mailman/listinfo/python-list > -- http://mail.python.org/mailman/listinfo/python-list
