Currently on my page:
I'm confused on how to store the token in a javascript var. When
clicking submit I'm trying to pass it as my passt() function's
argument like so:
...
onsubmit="getMarks(this.action + '?name=' + escape(this.name.value));
return false; passt('<?php echo $_SESSION['token']; ?>');">
---------------------------------------
Then send the var to the PHP using Ajax like so:
function passt(???)
{
...
Its so late and I'm tired. Passing the php $_SESSION['token'] to the
javascript is my problem and I'm also working on how I will pass the
var to the php but I think I will do this:
var query = "?token=";
var token= "<?php echo $_SESSION['token']; ?>"
xmlHttp.open("GET","currentphp.php + '?token=' + token ",true);
Then in the PHP: $_GET['token'];
I will work on it more tomorrow, lol.
On Oct 5, 2:52 pm, William <[EMAIL PROTECTED]> wrote:
> Hi Lan Mind,
> 1. In the default configuration a web server (eg Apache) will serve
> html files without interpreting any PHP tags in them. If it sees a
> PHP file extension then it will pass the whole thing to the PHP
> interpreter module. It is possible to configure Apache pass all HTML
> files to the PHP interpreter but that's not recommended. So you need
> to configure the home page of your site to be a php page.
>
> 2. I'm not sure which is the better method to use, because hackers
> would find it easy to use both methods. Using a secure token makes
> allows you to use the GET method with confidence. The POST method
> doesn't really hide much for determined hackers.
>
> 3. The Google Maps API method GXmlHttp.create() gives you back a
> XMLHttpRequest, which is an object created by the browser and not part
> of the Google Maps API. Seehttp://en.wikipedia.org/wiki/XMLHttpRequest
>
> Also you will need to add the new security token to the XML in the
> returned results, and update the hidden field in the form, so the next
> search request has the correct token. Perhaps it is more convenient
> to store the security token in your webpage as a javascript variable
> rather than a hidden field in a form, because the form processing is
> done by AJAX.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Google Maps API" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/Google-Maps-API?hl=en
-~----------~----~----~----~------~----~------~--~---
