Kun <[EMAIL PROTECTED]> writes:
[...]
> for x in form.keys():
>     print "%s=%s" % (x, form[x].value) + "<br>"
[...]
...and the second thing that jumps out at me is that you're neglecting to HTML-quote the data you're inserting into your web page here (for example, using xml.sax.saxutils.escape()), which is another common cause of security holes, very similar to those with failing to use proper SQL parameter quoting. Google for "cross-site scripting".

John
--
http://mail.python.org/mailman/listinfo/python-list
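The quoting suggested in the reply above, as an added example that is not part of the original thread. It assumes Python 3, uses a constructed dict in place of the form object from the quoted loop, and the function names are hypothetical; it also covers the attribute case, where xml.sax.saxutils.escape() alone leaves quote characters untouched.

```python
# Added example (not from the original thread). Python 3; the form is a
# constructed dict standing in for the form object in the quoted loop.
from xml.sax.saxutils import escape, quoteattr

# Constructed sample input: field name -> submitted value.
SAMPLE_FORM = {
    "name": "Kun",
    "comment": "<script>alert(1)</script>",
    "a&b": 'say "hi" & <wave>',
}


def render_unescaped(form):
    """The quoted loop as posted: names and values go into the page verbatim."""
    return "".join("%s=%s<br>" % (k, form[k]) for k in form)


def render_escaped(form):
    """Same loop with both the field name and the value HTML-quoted.

    escape() rewrites &, < and >, which is enough for text between tags.
    """
    return "".join("%s=%s<br>" % (escape(k), escape(form[k])) for k in form)


def render_as_inputs(form):
    """Values placed inside an attribute also need their quotes handled.

    quoteattr() escapes like escape() and wraps the result in a quote
    character that cannot appear unescaped inside it.
    """
    return "".join(
        "<input name=%s value=%s>" % (quoteattr(k), quoteattr(form[k]))
        for k in form
    )


if __name__ == "__main__":
    print(render_unescaped(SAMPLE_FORM))
    print(render_escaped(SAMPLE_FORM))
    print(render_as_inputs(SAMPLE_FORM))
```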