On Mon, Nov 30, 2009 at 1:21 PM, Victor Subervi <victorsube...@gmail.com> wrote:
> On Mon, Nov 30, 2009 at 2:00 PM, inhahe <inh...@gmail.com> wrote:
>>
>> On Mon, Nov 30, 2009 at 12:58 PM, inhahe <inh...@gmail.com> wrote:
>> > On Mon, Nov 30, 2009 at 12:49 PM, Victor Subervi
>> > <victorsube...@gmail.com> wrote:
>> >>
>> >> If I'm not mistaken, that won't help me actually print to screen the
>> >> user's choices as he selects them, which in my application, is
>> >> important. Please advise.
>> >> TIA,
>> >> V
>> >
>> > sure, that's where this part comes in:
>> >
>> > the javascript would populate the list for the colors the user selects
>> > (the easiest way would probably be to give the list an id and use
>> > getElementByID())
>> >
>> > so basically you'd define, e.g., an onClick="blah('red'); return true"
>> > within the red element's tag, and then define a function blah(x) that
>> > says
>> > getElementById("my_list_id").innerHtml += "<br>" + x;
>> > and of course give your list textarea an id="my_list_id" attribute in
>> > the tag.
>> >
>> > that could be slightly wrong, my javascript's rusty
>> >
>>
>> also don't forget to sanitize the data you receive before committing
>> it to the database, or someone can hack the javascript and send an SQL
>> injection attack
>
> Good call! However, in my case I can put this all behind a firewall. It's
> only for the shop builder's use, and that's my client...whom I can track!
> But I presume this would entail doing searches for and eliminating all
> unnecessary characters, right?
> V

Don't homebrew these things, they're easy to screw up and disastrous to get
wrong. Also, if you're worried about how secure something you've written is,
you can give yourself a little peace of mind by running over it with some of
the standard script kiddie tools before deployment. It'll at least give you
the comfort of knowing that they won't be able to autopwn you for a while.

Geremy Condra
-- 
http://mail.python.org/mailman/listinfo/python-list
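
Added example, not part of the thread and not any poster's code: one reading of "don't homebrew" is to let the database driver bind the submitted values instead of searching for and removing characters by hand. It assumes Python's sqlite3 with an in-memory database; the table, the function names, the colour allow-list and the sample values are all constructed for illustration.

```python
import sqlite3

# Assumption: the form only offers a fixed set of colours, so the server
# can check submissions against that set (hypothetical values).
ALLOWED_COLORS = {"red", "green", "blue"}


def strip_chars(value):
    """Hand-rolled filter of the kind asked about: drop 'unnecessary' characters."""
    return "".join(ch for ch in value if ch.isalnum() or ch == " ")


def validate_color(color):
    """Server-side allow-list check; the browser-side list is not trusted."""
    if color not in ALLOWED_COLORS:
        raise ValueError("unexpected colour: %r" % (color,))
    return color


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE choices (shop TEXT, note TEXT)")
    return db


def save_note(db, shop, note):
    # The ? placeholders keep the values out of the SQL text entirely:
    # the driver passes them as data, so quotes need no escaping.
    db.execute("INSERT INTO choices (shop, note) VALUES (?, ?)", (shop, note))


def notes_for(db, shop):
    rows = db.execute(
        "SELECT note FROM choices WHERE shop = ? ORDER BY rowid", (shop,))
    return [row[0] for row in rows]


def demo():
    db = make_db()
    shop = "Bob's Paints"                      # constructed; contains a quote
    hostile = "red'; DROP TABLE choices; --"   # constructed hostile-looking input
    save_note(db, shop, "sea-green")
    save_note(db, shop, hostile)
    # Bound values come back byte-for-byte; the filter alters honest input.
    return notes_for(db, shop), strip_chars(shop), strip_chars("sea-green")


if __name__ == "__main__":
    print(demo())
```

The filter changes legitimate values such as an apostrophe in a shop name, while the bound query stores both the honest and the hostile string as plain data.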