Re: onClick

["mel list_php" <list_php@xxxxxxxxxxxxx>]

What I actually do is I retrieve the POST array and then extract the 
variables at the beginning of my script.
That's also why I forgot to add the quotes because I initialize my variable 
at the beginning, and I'm dealing with $cloningView directly.
I just added it manually to make it clear that it was coming from the form.

Why do you think that checking the value ($cloningView=="View") is better?
I just put something for it to be true but never paid attention to the exact 
string. I don't see the difference, if that POST variable exists it comes 
from my posted form so had that value. I just want my user to display 
something else when clicking on a button, so I don't care about the value 
itself.
I suppose it's a security thing but I don't see it?

Thanks!



> From: anirudh dutt <aneroid@xxxxxxxxx>
> Reply-To: anirudh dutt <aneroid@xxxxxxxxx>
> To: Ron Piggott <ron.php@xxxxxxxxxxxxxxxxxx>
> CC: PHP DB <php-db@xxxxxxxxxxxxx>
> Subject: Re:  onClick
> Date: Tue, 1 Mar 2005 17:49:23 +0530
>
> On Mon, 28 Feb 2005 21:41:45 -0500, Ron Piggott
> <ron.php@xxxxxxxxxxxxxxxxxx> wrote:
> > Another question: Is there a way that I may set up an IF command with 
> the
> > onClick function so that my_web_page.php3 will not be displayed unless a 
> web
> > form was used to generate it?  Ron
> >
>
> if ur page was generated by a non-form-submit (anything else), the
> click wouldn't matter since ur page/form wasn't being used in the
> first place. so any client side javascript validation u wanna use
> won't even be called.
>
> On Tue, 01 Mar 2005 09:37:09 +0000, mel list_php <list_php@xxxxxxxxxxxxx> 
> wrote:
> > I use a submit button with a name:
> > <input type='submit' name='cloningView' value='View'>
> >
> > and then I can test on that name:
> > if($_POST[cloningView])
> > {
> > ...display new web page ......
> > }
> >
>
> (i think) he means
> if(isset($_POST['cloningView'])) //add single/double quotes to avoid a 
> warning.
> or
> if(isset($_POST['cloningView']) && $_POST['cloningView']) == 'View')
> depending on paranoia level, not that it'll help but i bet it makes u
> feel better ;-)
>
> but that can be faked quite easily. just make sure u check all GPC
> variables before using them. at the minimum, check if they exist.
>
> --
> ]#
> Anirudh Dutt
>
>
> ...pilot of the storm who leaves no trace
> like thoughts inside a dream
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php

_________________________________________________________________
Express yourself with cool new emoticons http://www.msn.co.uk/specials/myemo

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php