Thanks in advance for any assistance,
This is probably something I should know and clearly something I could do
differently but for now I'm hoping for an easy solution.
I believe 4D is moving away from the Automatic Variable Assignment option when
using a browser to access a 4D enabled Web server. As they do that I believe
the replacement approach is to use Web Get Variables. Because we have a silly
number of variables (i.e., 20,000) which could be called from any given web
page we'd like use something similar to the code below to assign the values
received using Web Get Variables to their corresponding and existing variables
using pointers. That would allow us to move away from the Automatic variable
assignment without a major rewrite to our code.
In an uncompiled application the code works fine.
In a compiled application it works fine as well unless someone were to
maliciously or somehow inadvertently submit a web page with a field name which
was not defined in our application. In brief if they modified an html form to
submit to our application and added a non-existent field, then a -20010 error -
Bad usage of pointer or pointer to an unknown variable message would be
generated and the connection would hang until we clicked OK on the message on
the server.
Is there any way we could avoid this from happening? We were hopeful that using
"undefined" would help but that doesn't work in a compiled database.
Aside from a major rewrite of how we handle the fields from a form statement
does anyone know how we could just ignore unknown field names o handle them
without the error message being generated in a compiled database?
Code used during On Web Authentication
C_TEXT($1;$2;$3;$4;$5;$6)
C_TEXT(vtSystem_Password;vtSystem_User;vtSystem_Server_IP;vtSystem_Client_IP;vtSystem_Hdr;vtSystem_URL)
$0:=True
vtSystem_URL:=$1
vtSystem_Hdr:=$2
vtSystem_Client_IP:=$3
vtSystem_Server_IP:=$4
vtSystem_User:=$5
vtSystem_Password:=$6
$vt_GetOrPost:=""
$vt_GetOrPost:=Substring(vtSystem_Hdr;1;4)
If ($vt_GetOrPost="Post")
ARRAY TEXT(arr_Web_Field_Name;0)
ARRAY TEXT(arr_Web_Field_Value;0)
WEB GET VARIABLES(arr_Web_Field_Name;arr_Web_Field_Value)
For ($i;1;Size of array(arr_Web_Field_Name))
//ALERT(string($i)+" - "+arr_Web_Field_Name{$i})
Case of
: (arr_Web_Field_Name{$i}="vbFileName")
C_TEXT($vPartName;$vPartMimeType;$vPartFileName;$vDestinationFolder)
C_BLOB($vPartContentBlob)
C_BLOB(vbFileName)
C_LONGINT($i)
For ($j;1;WEB Get body part count) //for each
part
WEB GET BODY
PART($i;$vPartContentBlob;$vPartName;$vPartMimeType;$vPartFileName)
If ($vPartFileName#"")
vbFileName:=$vPartContentBlob
vt_OrignalFileName:=$vPartFileName
vt_cttype:=$vPartMimeType
//BLOB TO
DOCUMENT($vDestinationFolder+$vPartFileName;$vPartContentBlob)
End if
End for
Else
$p:=Get pointer(arr_Web_Field_Name{$i})
$p->:=arr_Web_Field_Value{$i}
End case
End for
End if
Mike McCall
Facilitate.com
**********************************************************************
4D Internet Users Group (4D iNUG)
FAQ: http://lists.4d.com/faqnug.html
Archive: http://lists.4d.com/archives.html
Options: http://lists.4d.com/mailman/options/4d_tech
Unsub: mailto:[email protected]
**********************************************************************
