All,

The situation is this.

On my web page "products.asp" I am displaying all the products from 
my database and allow the user to select the quantity he wants to 
buy.

So to make it short:
"$itemCode" comes after a query to the database for each item in 
the database. The form looks like this:

<form action="/asp/verify.asp">
<select name="Qty_<%=$itemCode%>">
<option selected>0</option>
<option>1</option>
<option>2</option>
<option>3</option>
</select>
<input type="submit" name="SUBMIT">
</form>

So the quantity is passed to "verify.asp" through the querystring 
and looks like this:
http://....../verify.asp?Qty_1=1&Qty_2=3....

The query string gets long depending on the number of products I 
have. Then I again retrieve the "itemcode" and its 
selected "quantity" on the "verify.asp" page using the 
"$Request->QueryString()" object.

I am not happy with this solution, as it makes the website 
vulnerable: a user can input anything in the 
querystring "http://....../verify.asp?Qty_1=1&Qty_2=3....".

Please suggest a good way to do this.

Thanks,
Kunal Parekh.
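
Added example, not part of the original post: one way verify.asp can treat the query string as untrusted input, accepting only parameters named Qty_<code> for item codes that exist in the database and only the quantities the form offers (0 to 3). Assumptions: item codes are numeric as in Qty_1 and Qty_2; validate_order, %known_items and the sample parameters are hypothetical, and in verify.asp the parameters would come from $Request->QueryString().

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Highest quantity offered by the <select> on products.asp (options 0..3).
my $MAX_QTY = 3;

# validate_order(\%params, \%known_items) returns (\%order, \@rejected).
#   %params      : parameter name => raw value, as received by verify.asp
#   %known_items : item codes present in the database (assumed lookup result)
sub validate_order {
    my ($params, $known_items) = @_;
    my (%order, @rejected);

    for my $name (sort keys %$params) {
        next if $name eq 'SUBMIT';    # the submit button, not an item
        my $value = $params->{$name};

        # The name must be exactly Qty_<digits>; \A and \z anchor the whole
        # string so a trailing newline or extra suffix cannot slip through.
        my ($code) = $name =~ /\AQty_([0-9]{1,9})\z/;
        unless (defined $code && exists $known_items->{$code}) {
            push @rejected, "$name: unknown item";
            next;
        }
        # The value must be one plain scalar digit within the offered range;
        # references (non-scalar values) are refused outright.
        unless (defined $value && !ref $value
                && $value =~ /\A[0-9]\z/ && $value <= $MAX_QTY) {
            push @rejected, "$name: bad quantity";
            next;
        }
        $order{$code} = $value + 0 if $value > 0;    # skip items left at 0
    }
    return (\%order, \@rejected);
}

# Constructed sample input: two honest selections plus tampered parameters.
my %params = (Qty_1 => '1', Qty_2 => '3', Qty_3 => '-5',
              Qty_99 => '2', 'Qty_2;x' => '1', SUBMIT => 'Submit');
my %known_items = map { $_ => 1 } (1, 2, 3);    # constructed item codes

my ($order, $rejected) = validate_order(\%params, \%known_items);
print "item $_ x $order->{$_}\n" for sort keys %$order;
print "rejected $_\n" for @$rejected;
# A non-empty @$rejected means the request did not come from the form as
# served; the safe policy is to refuse the whole order, not just the bad keys.
```

Prices and stock are looked up again from the database by the validated item code; nothing beyond the code and the quantity is taken from the request.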

