Re: Google MAP URLs
This WebDNA talk-list message is from 2006
It keeps the original formatting.
numero = 67487
interpreted = N
texte = To follow up on John's suggestion,

[url] wrap any data going into a search or being used as a parameter for a context or command. This prevents passed ampersands from interrupting the webdna code.

[input] wrap any data going between quotes or in a textarea. This prevents characters from ending an html parameter or putting odd data in a textarea.

[convertchars] wrap any user data being shown on the page. This prevents XSS (I think).

That should solve many problems.

Bill

-----Original Message-----
From: John Peacock
Sent: Fri, 16 Jun 2006 13:05:31 -0400
To: "WebDNA Talk"
Subject: Re: Google MAP URLs

Nick Griffie wrote:
> Here's the db code.
>
> [replace
> db=../db/article.db&eqaskudata=[asku]&alink1=[alink1][/replace]

[replace
db=../db/article.db&eqaskudata=[asku]&alink1=[url][alink1][/url][/replace]

It is almost always appropriate to wrap any user-entered field in [url] when storing something in a database.

John

--
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Boulevard
Suite H
Lanham, MD 20706
301-459-3366 x.5010
fax 301-429-5748

-------------------------------------------------------------
This message is sent to you because you are subscribed to the mailing list .
To unsubscribe, E-mail to:
To switch to the DIGEST mode, E-mail to
Web Archive of this list is at: http://webdna.smithmicro.com/
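
An added example, not part of the original messages and not WebDNA code: a Python sketch of the three contexts listed above, with standard-library encoders standing in for [url], [input] and [convertchars]. The helper names and the sample link are constructed for illustration; the parameter string mirrors the [replace] quoted in the thread.

```python
from html import escape
from urllib.parse import parse_qsl, quote


def build_params(asku, alink1, encode):
    """Build an '&'-delimited parameter string shaped like the [replace] above.

    encode=True percent-encodes each value (the role [url] plays in the thread);
    encode=False drops the raw value in, as in the originally posted code.
    """
    enc = (lambda v: quote(v, safe="")) if encode else (lambda v: v)
    return f"db=../db/article.db&eqaskudata={enc(asku)}&alink1={enc(alink1)}"


def parse_params(param_string):
    """Split on '&' and '=' and percent-decode, as a parameter parser would."""
    return dict(parse_qsl(param_string, keep_blank_values=True))


def attr_value(value):
    """Encode for a quoted HTML attribute or a textarea (the [input] case)."""
    return escape(value, quote=True)


def page_text(value):
    """Encode for display in the page body (the [convertchars] case)."""
    return escape(value, quote=False)


# Constructed sample: a map link whose query string contains an ampersand.
SAMPLE_LINK = "http://maps.google.com/maps?q=Lanham+MD&z=12"

if __name__ == "__main__":
    raw = parse_params(build_params("42", SAMPLE_LINK, encode=False))
    safe = parse_params(build_params("42", SAMPLE_LINK, encode=True))
    # Raw: the link's own '&' ends alink1 early and creates a stray 'z' field.
    print("raw fields:    ", sorted(raw), "->", raw["alink1"])
    # Encoded: the parser sees exactly three fields and the link survives intact.
    print("encoded fields:", sorted(safe), "->", safe["alink1"])
    # Attribute context: a double quote must not close value="...".
    print('<input name="alink1" value="%s">' % attr_value('5" map pin'))
    # Body context: markup characters are shown as text, not interpreted.
    print("<p>%s</p>" % page_text("<b>bold?</b> & more"))
```

Each encoder is applied at the point where the value enters that context, so a value stored with URL encoding still needs attribute or body encoding when it is later written into a page.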
devaulw@onebox.com