in reply to Re: Re: pulling php into perl
in thread pulling php into perl

"Oooh... as well, you may wish to be more careful with user-supplied data: Cross-scripting attacks are possible ya know :) " Yikes, how do I edit my posts????

Re^4: pulling php into perl
by Coruscate (Sexton) on Jun 21, 2003 at 20:05 UTC

    I simply did it by passing HTML tags as the item number. Since you print out the item I was trying to access without escaping the HTML... well. The best way to fix it is to say 'That item ID does not exist', rather than 'Item ID xxxx does not exist'. Never print back to the user information that they gave you without validating it first.


    If the above content is missing any vital points or you feel that any of the information is misleading, incorrect or irrelevant, please feel free to downvote the post. At the same time, please reply to this node or /msg me to inform me as to what is wrong with the post, so that I may update the node to the best of my ability.
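
The fix described in the post above, as an added example that is not part of the thread or the original script. The catalog contents, the function names and the digits-only ID format are assumptions made for illustration; the inputs are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed catalog; the real script's data source is not shown in the thread.
my %catalog = (1001 => 'Widget', 1002 => 'Gadget');

# Minimal HTML escaping for text placed in element content or quoted attributes.
my %ENT = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
           '"' => '&quot;', "'" => '&#39;');
sub escape_html {
    my ($s) = @_;
    $s = '' unless defined $s;
    $s =~ s/([&<>"'])/$ENT{$1}/g;
    return $s;
}

# Before: echoes the raw parameter into the page (the behaviour the post describes).
sub lookup_unsafe {
    my ($id) = @_;
    return exists $catalog{$id}
        ? "<p>Item: $catalog{$id}</p>"
        : "<p>Item ID $id does not exist</p>";
}

# After: accept only the expected shape (assumed here to be 1-9 digits),
# never echo the input on failure, and escape everything written into HTML.
sub lookup_safe {
    my ($id) = @_;
    return '<p>That item ID does not exist</p>'
        unless defined $id && $id =~ /\A[0-9]{1,9}\z/ && exists $catalog{$id};
    return '<p>Item ' . escape_html($id) . ': '
         . escape_html($catalog{$id}) . '</p>';
}

# Constructed inputs: a valid ID, an unknown ID, and markup passed as the ID.
for my $id ('1001', '9999', '<b>x</b>') {
    printf "%-10s unsafe: %s\n", $id, lookup_unsafe($id);
    printf "%-10s safe:   %s\n", $id, lookup_safe($id);
}
```

For the third input, `lookup_unsafe` returns the markup verbatim inside the page, while `lookup_safe` returns the fixed message with no user-supplied text in it.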

Re: Re: Re: Re: pulling php into perl
by Anonymous Monk on Jun 21, 2003 at 20:56 UTC
    Problem solved!! Between the posts here and the programmer who wrote the indicator... we were able to solve the problem... thanks guys!!! Really appreciate the help!!!

    Seriously, how do I edit out my domain paths? Or can the moderator please remove them for me... It's one thing to know about it... but to have a working demo in this forum is a little unnerving!!