Let me explain what I'm trying to emulate. If you have seen any of the major job boards, they allow you to save "search agents". Those agents at least on Monster, Dice, HotJobs I think , spare you the hassle of going to the search page and reentering the criteria. The agents can act in various ways: 1-If you are on the site , you can execute from there. 2-You can also have it emailed and that comes in two flavors. a- the query is run for you and the results are sent in an email b-an email goes out with a link to a page, you hit "view" (on Monster) and your agent returns results. My only guess is that the query is what's being grabbed and saved. You raise a good point about security , but users don't actually get to see the query. All they are getting is the results , from the one they decided to save. Stuart --- Joseph Crawford <codebowl@xxxxxxxxx> wrote: > i am sorry but i would never post a querystring > along with a form i > mean doing that and processing it will open your > site to > vulnerabilities. > > yes you could do it as a post variable and a hidden > field but that > doesnt stop people from saving the html document to > thier computer > altering the query and then submitting the form, i > guess you could add > a check to make sure that the refering page is > yourdomain.com but if i > am correct this could open up a world of trouble. > > If however i am wrong someone please respond and > correct me :) > > > -- > Joseph Crawford Jr. > Codebowl Solutions > codebowl@xxxxxxxxx > 802-558-5247 > > For a GMail account > contact me OFF-LIST > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
