On Thu, 7 Feb 2002, Simon Crute <[EMAIL PROTECTED]> wrote,

> Hasanuddin Tamir wrote:
> >
> > Imagine you have a template,
> >
> > <title><tmpl_var title></title>
> >
> > And you expect that title will be filled in from some textfield. But
> > what happens if someone finds out about the placeholder title in the
> > template and that you use associate? He can fill it in with whatever he
> > likes via the query string.
> >
> > http://www.host.com/yourscript?title=whatever+will+be
> >
>
> The docs seemed to say that setting a var via $tmpl->param would
> override anything in $cgi.

I know. I'm talking about relying on the cgi parameter, since that's what
associate is for. It will take care of the rest of the placeholders we don't
set via param().

rgd
--
san->http(www.trabas.com)
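
The behaviour discussed in this thread, as an added example that is not part of the original messages: a placeholder left unset is filled from the associated CGI object, a value set via param() takes precedence, and an allowlisting wrapper limits what associate can inherit. It assumes HTML::Template and CGI are installed; the AllowedParams class, the render() helper, the `name` placeholder and the sample query string are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. Requires HTML::Template and CGI.
use strict;
use warnings;
use CGI;
use HTML::Template;

# Hypothetical wrapper: exposes only an allowlisted subset of a CGI object's
# parameters through the param() interface that "associate" relies on.
package AllowedParams;

sub new {
    my ($class, $cgi, @names) = @_;
    return bless { cgi => $cgi, allow => { map { $_ => 1 } @names } }, $class;
}

sub param {
    my ($self, $name) = @_;
    # No argument: list only the names the template is allowed to inherit.
    return grep { $self->{allow}{$_} } $self->{cgi}->param() unless defined $name;
    return unless $self->{allow}{$name};
    return scalar $self->{cgi}->param($name);
}

package main;

# Template with two placeholders; only "name" is meant to come from the form.
my $text = "<title><TMPL_VAR NAME=title></title>\n"
         . "<p>Hello, <TMPL_VAR NAME=name></p>\n";

# Constructed request: the client also supplies "title" in the query string.
my $cgi = CGI->new('title=whatever+will+be&name=Simon');

# Render the template with the given associate source and optional title.
sub render {
    my ($source, $title) = @_;
    my $tmpl = HTML::Template->new(scalarref => \$text, associate => $source);
    $tmpl->param(title => $title) if defined $title;
    return $tmpl->output;
}

print "1. raw CGI object associated, title not set by the script:\n",
      render($cgi), "\n";
print "2. title set via param(), which overrides the query string:\n",
      render($cgi, 'Order form'), "\n";
print "3. allowlist wrapper associated, title not set by the script:\n",
      render(AllowedParams->new($cgi, 'name')), "\n";
```

In case 3 the title placeholder renders empty, because the wrapper never reports `title` to HTML::Template.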
