their browser history.
..
-Original Message-
From: Andrew Kreps [mailto:[EMAIL PROTECTED]
Sent: Friday, July 14, 2006 7:15 PM
To: Skip Evans
Cc: Php-Db
Subject: Re: [PHP-DB] Submitting form from a href
Skip,
Just so you know, there is a general PHP user's list available for just such
a request
PROTECTED]
Sent: Friday, July 14, 2006 7:15 PM
To: Skip Evans
Cc: Php-Db
Subject: Re: [PHP-DB] Submitting form from a href
Skip,
Just so you know, there is a general PHP user's list available for just
such
a request. It's rather high-traffic, so be warned.
Now then, on to the problem. I believe I've
I don't think so, because the OP needs other form fields submitted as well.
Regards,
Dwight
-Original Message-
From: Sean Mumford [mailto:[EMAIL PROTECTED]
Sent: Monday, July 17, 2006 9:24 AM
To: 'Php-Db'
Subject: RE: [PHP-DB] Submitting form from a href
Couldn't you achieve
Subject: Re: [PHP-DB] Submitting form from a href
Skip,
Just so you know, there is a general PHP user's list available for just such
a request. It's rather high-traffic, so be warned.
Now then, on to the problem. I believe I've figured out a way to make this
happen. I've only tested it on IE 6
Dave W wrote:
The problem with GET is that a user that looks at the source code of the
html can easily just input what they want for the argument. Can you
say SQL
injection?
Can you say input validation? Regardless of where user input comes from,
whether it's in the URL, in POST vars or in
A little javascript would do it.. like so:
a href=Javascript: getElementById('letterpressed').value = 'A';
getElementById('thisform').submit; void 0;A/a
!-- Repeat for each letter --
form action=target.php id=thisform
input type=hidden id=letterpressed name=letterpressed value=
input
Skip,
Just so you know, there is a general PHP user's list available for
just such a request. It's rather high-traffic, so be warned.
Now then, on to the problem. I believe I've figured out a way to make
this happen. I've only tested it on IE 6 and Firefox 1.5.0.4, so your
browser
