List:General Discussion« Previous MessageNext Message »
From:Werner Stuerenburg Date:July 14 2001 7:26am
Subject:Re[2]: why it is like this... {}
View as plain text  
>   I am taking some value from html form as i shown and i am inserting that
> value be getting thru request.getParameter("<name>") and inserting into the
> table along some other values.

> I am using in servlets.

Hm. I don't know about servlets. Seems like that does something
wrong.

It is pretty dangerous to take html from a form. You can do lots
of evil things. Therefore, most people take care to disable html
from forms or at least only let simple things pass like <B> or
the like.

Hence I guess that the servlet does some sort or
html-disabling/filtering and gets it wrong.

Disabling html from forms is not easy either. See for example the
discussion at http://php.net/manual/en/function.strip-tags.php
for the function strip-tags, which should do just that. (Someone
has found that even this can be circumvented, so they had to
improve another time - see comment 14-Mar-2001 02:23 and
following.)

I use php which is very convenient. You can do eveything you
dream of very easily. In particular, if anything goes wrong, you
can have a look at it and understand why.

But, I must admit, there is a learning curve, as is with
everything.



-- 
Herzlich
Werner Stuerenburg            

_________________________________________________
ISIS Verlag, Teut 3, D-32683 Barntrup-Alverdissen
Tel 0(049) 5224-997 407 · Fax 0(049) 5224-997 409
http://pferdezeitung.de
Thread
Re[2]: why it is like this... {}Werner Stuerenburg14 Jul