Let me explain what I'm trying to emulate.  
If you have seen any of the major job boards, they
allow you to save "search agents".  Those agents at
least on Monster, Dice, HotJobs I think , spare you
the hassle of going to the search page and reentering
the criteria. 
The agents can act in various ways:
1-If you are on the site , you can execute from there.
2-You can also have it emailed and that comes in two
a- the query is run for you and the results are sent
in an email
b-an email goes out with a link to a page, you hit
"view" (on Monster) and your agent returns results.

My only guess is that the query is what's being
grabbed and saved. You raise a good point about
security , but users don't actually get to see the
query.  All they are getting is the results , from the
one they decided to save.

--- Joseph Crawford <[EMAIL PROTECTED]> wrote:

> i am sorry but i would never post a querystring
> along with a form i
> mean doing that and processing it will open your
> site to
> vulnerabilities.
> yes you could do it as a post variable and a hidden
> field but that
> doesnt stop people from saving the html document to
> thier computer
> altering the query and then submitting the form, i
> guess you could add
> a check to make sure that the refering page is
> yourdomain.com but if i
> am correct this could open up a world of trouble.
> If however i am wrong someone please respond and
> correct me :)
> -- 
> Joseph Crawford Jr.
> Codebowl Solutions
> 802-558-5247
> For a GMail account
> contact me OFF-LIST
> -- 
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to