If you use this method, I would advise that you cross check the itemid to be removed, 
with the user attempting to remove the item session identifier. 
There is potential otherwise for a script kiddie to write a simple script that counts 
from 0-n and submit's each iteration to the remove action, in theory this would remove 
every item from every users basket if it run quick enough.
 
Either that or encrypt the itemkey that is written to the page.
 
Chris McCormack

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: 16 July 2004 12:12
To: Struts Users Mailing List
Subject: Re: Best practice request - dynamic link to redraw page



Jon, 
The way it is managed is, while you paint the "delete" links in your HTML, you add a 
query string like this 

?itemid=xyz 

and then in your action class method obtain the value of this variable itemid ( 
obviously through form-bean) 
and this is how single statement can do the work 

Hope this answeres your query. 

Regards, 
Puneet Agarwal
Tata Consultancy Services
Mailto: [EMAIL PROTECTED]
Website: http://www.tcs.com 



"Jon Barber" <[EMAIL PROTECTED]> 


07/16/2004 04:22 PM 



Please respond to
"Struts Users Mailing List" <[EMAIL PROTECTED]>



To
"Struts Users Mailing List" <[EMAIL PROTECTED]> 

cc

Subject
Best practice request - dynamic link to redraw page

        




Dear All,

Trawled through the archive with no luck, but then I couldn't work out
the best search terms for this question, so.......

I'm writing a shopping basket app with the usual requirements, and using
tiles which has made things a lot less painful. However, I have this one
problem that I can't work out a nice way to solve.

On every page of the basket the contents of the basket are shown in a
panel at the bottom of the page, and against each product is a 'delete'
hyperlink.  When the user clicks on this link the product should be
removed and the page refreshed to show the modified info.

My question is - how to code the logic to do the deletion of the product
in such a way that the refreshing of the page is handled in a nice way ?
I have the usual way of using an Action to populate the contexts to
render the page, and then an Action to process the users response. When
a product is removed I will have to delete the product & then redirect
the user back to the Action to populate the page all over again.

As far as I can see I have 2 options :

1. Have one Action that performs the product removal and that accepts a
URL as a parameter that then redirects the user using that URL. I will
have to place the necessary URL in the context so that when the page is
rendered the redirect URL is set correctly for wherever the user is.
Painful & not very nice - every populate Action will have to put the
correct URL for itself into the context.

2. Have a seperate Action for every single delete page so that each
instance knows where to send the user back to. Not much different from 1
& leads to a lot of Actions.

Any ideas ? 

Am I missing the obvious ? For example, for 1 can I simply use the
present request URL as the URL to redirect the user to to redraw the
page ?

Jon.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


ForwardSourceID:NT000020A6     



***********************************************
This e-mail and its attachments are confidential
and are intended for the above named recipient
only. If this has come to you in error, please 
notify the sender immediately and delete this 
e-mail from your system.
You must take no action based on this, nor must 
you copy or disclose it or any part of its contents 
to any person or organisation.
Statements and opinions contained in this email may 
not necessarily represent those of Littlewoods.
Please note that e-mail communications may be monitored.
The registered office of Littlewoods Limited and its
subsidiaries is 100 Old Hall Street, Liverpool, L70 1AB.
Registered number of Littlewoods Limited is 262152.
************************************************

Reply via email to