Hi,
Although I agree that this won't be secure,
I want to comment on the JavaScript part:
The combo box doesn't have a value; it is an array of
values.
You should try it like this.
var i=0;
var sel=0;
// walk the options of the combo box until the selected one is found
while(f.combo_LEC_ID[i]) {
    if(f.combo_LEC_ID[i].selected) {
        sel=i;
        break;
    }
    i++;
}
// now do the comparing:
if( f.input_lecID.value!=f.combo_LEC_ID[sel].value) {
    alert(...);
}
else {
}
Hope it helps.
Please reply.
Best wishes,
Andras.
----- Original Message -----
From: Lalith Jayaweera <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, October 14, 1999 10:41 AM
Subject: BIG PROBLEM...(READ carefully)
> In my project there is a particular interface with a COMBO BOX and many text
> fields. The combo is populated from a database and displays the names of
> lecturers, but though it displays names, the value given to each and every option
> is the lecturer identity, which is a unique key for each and every lecturer. That
> particular code is as follows (only the part discussed above):
>
>
> ...
> out.println("<select name=dept size=1>");
> while(rs.next()){
>     out.println("<option value="+rs.getString("lecturer_id")+">"+rs.getString("lec_name"));
> }
> out.println("</select>");
> ....
>
>
> And after the combo box there is another text box which asks the
> user (client = lecturer) to input his lecturer id. Then I wrote a JavaScript to
> validate these two values.
>
> Why I did it this way is that, since I have the lecturer id with me, I can compare it
> with the entered value rather than querying the database again. Take into account that
> the lecturer id is a secret value only that particular lecturer knows.
> (Consider that though the user goes to view-page source in his browser, he can't
> see the lec-id because I am calling this servlet from an HTML document.)
>
> Now I have 2 problems.
>
> 1) Is this method good enough as far as security is concerned? Or should I not
> incorporate the LecID with the combo and later query the database again to validate
> the entered LecturerID with the real value?
>
>
> 2) The biggest problem is that the relevant JavaScript does not work. The code is
> ....
> out.println("<script language=javascript>");
> out.println("function hello(servletName,f)");
> out.println("{ if(f.input_lecID.value!=f.combo_LEC_ID.value) {");
> out.println("alert(\"Wrong Lec Id Access Denied\");}");
> out.println("else {");
> out.println("document.myform.action=servletName;");
> out.println("document.myform.submit();}}");
> ...
>
> Gives an error in the above comparison.
> Consider f=form and ignore the servletName for the time being.
>
> Though the lecturer id in the database is text, it cannot compare the two
> values which the user enters in the combo and in the text box. What's wrong? Then I wrote a
> JavaScript to get the value of the combo; then it says it is null. What's wrong?
>
> (How can I deal with combos populated like this?)
>
>
> Write me soon.
> Early answer very much appreciated.
>
> lalith
Archives: http://archives.java.sun.com/archives/servlet-interest.html
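An added example, not part of the original messages, for question 1 and the remark that the approach "won't be secure": anything written into an option value is part of the response the browser receives, so the comparison has to happen on the server. The sample rows, the function names and the `lecturer` field name are constructed for illustration, and the in-memory array stands in for the database query a servlet would make.

```javascript
// Added example, not code from the thread. All names and data are constructed.
const crypto = require('crypto');

// Constructed rows standing in for the lecturer table.
const LECTURERS = [
  { lecturer_id: 'LEC-4821', lec_name: 'A. Perera' },
  { lecturer_id: 'LEC-7730', lec_name: 'B. Silva' },
];

const escapeHtml = s => String(s).replace(/[&<>"']/g, c => `&#${c.charCodeAt(0)};`);

// Pattern from the thread: the secret ID is the option value, so it is
// part of the HTML that every visitor's browser receives.
function renderLeaky(rows) {
  const opts = rows.map(r => `<option value=${r.lecturer_id}>${r.lec_name}`);
  return `<select name=combo_LEC_ID size=1>${opts.join('')}</select>`;
}

// Hardened: the option value is only the row position; IDs stay on the server.
function renderSafe(rows) {
  const opts = rows.map((r, i) => `<option value="${i}">${escapeHtml(r.lec_name)}</option>`);
  return `<select name="lecturer" size="1">${opts.join('')}</select>`;
}

// Which secret IDs appear anywhere in a response body?
function idsExposed(html, rows) {
  return rows.map(r => r.lecturer_id).filter(id => html.includes(id));
}

// Server-side check replacing the client-side alert(): look the row up again
// and compare digests in constant time. A real servlet would query the database here.
function verifyOnServer(rows, choice, enteredId) {
  if (!/^\d+$/.test(String(choice)) || typeof enteredId !== 'string') return false;
  const row = rows[Number(choice)];
  if (!row) return false;
  const digest = s => crypto.createHash('sha256').update(s, 'utf8').digest();
  return crypto.timingSafeEqual(digest(row.lecturer_id), digest(enteredId));
}

console.log('leaky page exposes:', idsExposed(renderLeaky(LECTURERS), LECTURERS));
console.log('safe page exposes: ', idsExposed(renderSafe(LECTURERS), LECTURERS));
console.log('correct ID accepted:', verifyOnServer(LECTURERS, '1', 'LEC-7730'));
console.log('wrong ID accepted:  ', verifyOnServer(LECTURERS, '1', 'LEC-4821'));
```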