You take the source, modify the value of hidden fields, and then hit enter when your browser points to c:/local/path/file.html
For sure the script can check the referring adress to see if it's on the server, but as Jenda stated a while ago, a "good" hacker will be able to telnet your webserver and put whatever he want's in the header to fake the reffering url. I also use the print<<END_LABEL; method, you can ident, space out everything, etc. Plus I really like style attributes and dhtml so CGI is not really a good option for me. As for accessing the param() There are some good way, again Jenda made the most wonderful module for people like me that don't really like modules:) It takes the post/get data and parse it, without bringing the tons of functions that CGI brings when you don't need them. It's a small module with everything neded for decoding urls. http://Jenda.Krynicky.cz/#CGI::Deurl use CGI::Deurl qw(export IN); then all the transmitted data is in the IN package.. no more param{'name'} long syntax.. simply $IN::name gives you the variable! Note you can also access the param value in a package with CGI... so you don't have to install Jenda's module. Etienne [EMAIL PROTECTED] wrote: > > Etienne, > > How can users change hidden fields on a form using POST (not GET)?? > > I also find the CGI.pm syntax for writing HTML annoying. I think it was > you in a recent post who noted Perl's "here document" technique > (print<<END_LABEL;), which to me is a cleaner way to do it. I mentioned > CGI.pm mainly for it's param() method, to answer Sharat's question about > accessing the form variables. Otherwise s/he (sorry, I don't know!) would > have to do a lot more work to read and decode them from STDIN (if using > post) or $ENV{QUERY_STRING} (if using get). > > I completely agree with your recommendation for auto writing the hidden > field values. (Untested and unchecked by me, too!) > > - John > > > -----Original Message----- > > From: Etienne Marcotte [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, December 12, 2001 10:12 AM > > To: [EMAIL PROTECTED] > > Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] > > Subject: Re: Passing arrays across forms > > > > > > Passing them in hidden fields lets user change them at will. > > It's ok if you are doing all your validity checks at the end of all > > forms, but if you're doing them after each section you need to keep > > those variables unaccessible to the user, or re-check them at the end. > > > > You do a imple validity check after each section, asking users to > > correct the wrongly formatted fields, and at the total end > > you re-check > > them and give a message asking the user why he tryed to hack > > the hidden > > fields values:) > > > > CGI.pm has sticky form elements, but personally I just hate > > to print my > > html using CGI.pm (and when using it you need to specify with > > 0 or 1 if > > you want previous data keps in form fields) > > > > as of easy way, you can auto_write your hidden fields.. foreach (keys > > %param) {print "<input type=hidden name=$_ value=param{$_}>\n";} or > > something like this (untested, unchecked) > > > > Etienne > > > > [EMAIL PROTECTED] wrote: > > > > > > Sharat, > > > > > > I tend to prefer hidden form variables to pass data, as > > cookies could be > > > unsupported or turned off by the client browser. The CGI.pm > > module provides > > > an easy way to access form variables from your Perl script. > > The O'Reilly > > > book _CGI Programming with Perl_ has several chapters > > dedicated to doing > > > this sort of thing. > > > > > > - John > > > > > > > -----Original Message----- > > > > From: Sharat Hegde [mailto:[EMAIL PROTECTED]] > > > > Sent: Tuesday, December 11, 2001 11:38 PM > > > > To: [EMAIL PROTECTED] > > > > Subject: Passing arrays across forms > > > > > > > > > > > > Hello, > > > > > > > > I have a wizard kind of form processing - basically 5 forms > > > > with user inputs > > > > in all the forms. The data is captured and stored at the end > > > > of the form > > > > processing. > > > > > > > > The data collected from the forms is stored internally in the > > > > form of arrays > > > > - there are about 4 arrays, one of them a two-dimensional > > > > array. The total > > > > amount of data in the worst case may be upto 1KB. > > > > > > > > 1. What is the best way to pass this data across forms? I > > > > know that hidden > > > > form variables is possible. I have not yet worked with > > > > cookies, but I hope > > > > to figure it out if required. > > > > > > > > 2. Are there are any modules available which convert array > > > > data into form > > > > variables and then allow you to convert form variables into > > > > arrays, without > > > > having to write all the parsing code yourself. > > > > > > > > Regards, > > > > Sharat > > > This message may contain information which is private, privileged or > > > confidential and is intended solely for the use of the > > individual or entity > > > named in the message. If you are not the intended recipient > > of this message, > > > please notify the sender thereof and destroy / delete the > > message. Neither > > > the sender nor Sappi Limited (including its subsidiaries > > and associated > > > companies) shall incur any liability resulting directly or > > indirectly from > > > accessing any of the attached files which may contain a > > virus or the like. > > > > > > -- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > -- > > Etienne Marcotte > > Specifications Management - Quality Control > > Imperial Tobacco Ltd. - Montreal (Qc) Canada > > 514.932.6161 x.4001 > > > This message may contain information which is private, privileged or > confidential and is intended solely for the use of the individual or entity > named in the message. If you are not the intended recipient of this message, > please notify the sender thereof and destroy / delete the message. Neither > the sender nor Sappi Limited (including its subsidiaries and associated > companies) shall incur any liability resulting directly or indirectly from > accessing any of the attached files which may contain a virus or the like. > > -- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] -- Etienne Marcotte Specifications Management - Quality Control Imperial Tobacco Ltd. - Montreal (Qc) Canada 514.932.6161 x.4001 -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
