On Fri, 5 Apr 2002, Jas wrote:
> So adding a hidden field would definitely pass the contents of the select
> box to the other script so I am not doing anything wrong with this portion,
> but what if I wanted to append the path of the file name? Any tips?

This isn't an answer to your question, but I just wanted to warn you: If 
you place something like a path in a hidden field, or as part of a 
select option, you have no guarantee that a user won't change it before 
submitting the form. Most browsers won't let them, but there are plenty of 
other ways they can (for instance, debugging web proxies that allow 
editing of raw form submissions, and so on).

So it's VERY IMPORTANT that you don't rely on this path without doing
further checks to make sure it's really valid. Otherwise people could try
to read or write any file on your system. They probably won't get away
with writing directly, but if they manage to read your password file or
something, they soon will be writing.


PHP General Mailing List (http://www.php.net/)
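
One way to do the "further checks" the reply above calls for, as an added example that is not part of the original message: resolve the submitted name on the server and accept it only if the canonical path stays inside one allowed directory. The function name, the uploads directory layout and the sample inputs are assumptions made up for this illustration.

```php
<?php
// Added example: resolve_submitted_file() and the directory layout are hypothetical.

// Return the canonical path of $submitted if it is an existing regular file
// inside $baseDir, or null if the value must be rejected.
function resolve_submitted_file(string $baseDir, string $submitted): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;                       // allowed directory does not exist
    }
    // Empty values and embedded NUL bytes are never legitimate file names.
    if ($submitted === '' || strpos($submitted, "\0") !== false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks, and fails for missing files.
    $real = realpath($base . DIRECTORY_SEPARATOR . $submitted);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Compare against "base + separator" so /data/uploads-old cannot pass
    // as being inside /data/uploads.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Constructed demo tree: one file the form may offer, one it must never reach.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pathdemo_' . getmypid();
mkdir($root . '/uploads', 0700, true);
file_put_contents($root . '/uploads/report.txt', 'ok');
file_put_contents($root . '/secret.txt', 'not for users');

// Constructed stand-ins for what could arrive in the hidden field or select value.
$samples = ['report.txt', '../secret.txt', '/etc/passwd', 'missing.txt', "report.txt\0.jpg"];
foreach ($samples as $s) {
    $r = resolve_submitted_file($root . '/uploads', $s);
    printf("%-20s => %s\n", addcslashes($s, "\0"), $r === null ? 'REJECTED' : 'accepted');
}

// Remove the demo tree again.
unlink($root . '/uploads/report.txt');
unlink($root . '/secret.txt');
rmdir($root . '/uploads');
rmdir($root);
```

Only `report.txt` is accepted; the other four values are rejected before any file is opened.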