Sorry.

your sample.
> testv.php?&findlist=0&STREET=gipps&=Search&searchitem=Roads_MGA56&mode=search

my idea address.
> test2.php?&findlist=0&STREET=gipps&stsmode=Search&searchitem=Roads_MGA56&mode=search


2008/12/16 TTO <kihei...@gmail.com>:
> Hello.
>
> # I cannot speak, write and read English well.
>
> # As a general story though it has not deeply seen xmlhttp.js
>
> Some parameters are given, and the processed story is difficult.
>
> For example at php.
>
> You show.
>> &findlist=0&STREET=gipps&=Search&searchitem=Roads_MGA56&mode=search
> In the request of ..peel.. ,
> Though it understands when the following codes are written(test.php)
> <html><body>
> <?php
> echo '<p>findlist=';
> echo $_REQUEST['findlist'];
> echo '</p>';
> echo '<p>STREET=';
> echo $_REQUEST['STREET'];
> echo '</p>';
> // echo '<p>stsmode=';
> // echo $_REQUEST['stsmode'];
> // echo '</p>';
> echo '<p>searchitem=';
> echo $_REQUEST['searchitem'];
> echo '</p>';
> echo '<p>mode=';
> echo $_REQUEST['mode'];
> echo '</p>';
> ?>
> </body></html>
>
> It becomes the following if it executes it by this in a local
> environment that passing passes.
> --
> findlist=0
>
> STREET=gipps
>
> searchitem=Roads_MGA56
>
> mode=search
> --
>
> In reality
> If STREET=gipps&=Search is a value wanting it, it is necessary to divide
> there.
> Because it spreads to the security problem. It ends comment // by the example
> above, and it accesses it as follows.
> test2.php
> --
> <html><body>
> <?php
> echo '<p>findlist=';
> echo $_REQUEST['findlist'];
> echo '</p>';
> echo '<p>STREET=';
> echo $_REQUEST['STREET'];
> echo '</p>';
> echo '<p>stsmode=';
> echo $_REQUEST['stsmode'];
> echo '</p>';
> echo '<p>searchitem=';
> echo $_REQUEST['searchitem'];
> echo '</p>';
> echo '<p>mode=';
> echo $_REQUEST['mode'];
> echo '</p>';
> ?>
> </body></html>
> --
>
> Result
> --
> findlist=0
>
> STREET=gipps
>
> stsmode=Search
>
> searchitem=Roads_MGA56
>
> mode=search
> --
> In this, the value correctly can take and :.
> I think that it only has to assemble complex codes such as switch,
> case, and if with STREET and stsmode.
>
> It is not desirable that the evaluation type and the executable
> statement (for instance, SQL), etc. enter the value.
> It is necessary to sanitize it.
>
> --
> Takashi Ota.
>
> 2008/12/16 Rogers, Janet (SKM) <jrog...@skm.com.au>:
>> I am using pmapper V3.2.0.  My search results are returning "No Records
>> Found".  I have managed to work out the variable params value which is
>> passed to the function getQueryResults in xmlhttp.js and it is:
>>
>>
>>
>> &findlist=0&STREET=gipps&=Search&searchitem=Roads_MGA56&mode=search
>>
>>
>>
>> It appears to me that there is something missing between "gipps&"  and "
>> =Search", but I cannot work out what this is or where the value should
>> come from.  I would appreciate it if someone could at least confirm that
>> the params variable is not correct.  If you can help me further to work
>> out where the missing variable is coming from, I would really appreciate
>> it.
>>
>>
>>
>> (I have had great difficulty stepping through the code with the IE and
>> Firefox debuggers, as it just appears to hang.)
>>
>>
>>
>> Thank you,
>>
>> JANET ROGERS
>>
>> ------------------------------------------------------------------------------
>> SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
>> The future of the web can't happen without you.  Join us at MIX09 to help
>> pave the way to the Next Web now. Learn more and register at
>> http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
>> _______________________________________________
>> pmapper-users mailing list
>> pmapper-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/pmapper-users
>>
>
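
The parameter handling discussed in this thread, as an added example that is not part of the original messages or of p.mapper: it flags the unnamed `=Search` pair that PHP drops from `$_REQUEST`, checks each expected parameter against an allow-list, and escapes values on output. The helper names and the patterns in `RULES` are assumptions.

```php
<?php
// Added example (not p.mapper code); helper names and RULES patterns are assumptions.
// PHP drops a pair with an empty name ("=Search") before $_REQUEST is built, so it
// is only visible in the raw string ($_SERVER['QUERY_STRING'] on a live request).
function find_unnamed_pairs(string $rawQuery): array
{
    $isUnnamed = fn ($pair) => $pair !== '' && explode('=', $pair, 2)[0] === '';
    return array_values(array_filter(explode('&', $rawQuery), $isUnnamed));
}

// One fully anchored pattern per expected parameter; everything else is rejected.
const RULES = [
    'findlist'   => '/\A\d{1,3}\z/',
    'STREET'     => '/\A[\p{L}\p{N} .\'-]{1,64}\z/u',
    'stsmode'    => '/\ASearch\z/',
    'searchitem' => '/\A\w{1,64}\z/',
    'mode'       => '/\Asearch\z/',
];

function validate_params(array $input): array
{
    $clean = $errors = [];
    foreach (RULES as $name => $pattern) {
        $value = $input[$name] ?? null;   // an array (name[]=x) is not a string
        if (is_string($value) && preg_match($pattern, $value) === 1) {
            $clean[$name] = $value;
        } else {
            $errors[] = "missing or rejected: $name";
        }
    }
    return [$clean, $errors];
}

function h(string $s): string { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); }

// The two query strings from this thread (leading "&" removed).
foreach ([
    'findlist=0&STREET=gipps&=Search&searchitem=Roads_MGA56&mode=search',
    'findlist=0&STREET=gipps&stsmode=Search&searchitem=Roads_MGA56&mode=search',
] as $raw) {
    parse_str($raw, $params);   // same parsing rules PHP uses to fill $_GET
    [$clean, $errors] = validate_params($params);
    foreach (find_unnamed_pairs($raw) as $pair) {
        $errors[] = "unnamed pair: $pair";
    }
    foreach ($clean as $name => $value) {
        echo '<p>', $name, '=', h($value), "</p>\n";
    }
    echo '<p>errors: ', h(implode('; ', $errors) ?: 'none'), "</p>\n";
}
```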
