I want to put a keyword search on my home (HTML) page which will call DBman via FORM ACTION="etc...". How can I strip out stupid stuff people are likely to put in, and prevent * searches and such things...?
May 6, 1999, 5:08 AM
Veteran / Moderator (8669 posts)
May 6, 1999, 5:08 AM
Post #4 of 6
Views: 2326
I think you can eliminate "*" searches by deleting the following line from sub query
($in{$db_cols[$field]} eq "*") and ($tmpreg = ".*"); # A "*" matches anything.
This will completely eliminate the "List All" function in your database.
As for html and ssi, I don't think that should cause a problem in a search. Only when adding a record.
------------------
JPD
($in{$db_cols[$field]} eq "*") and ($tmpreg = ".*"); # A "*" matches anything.
This will completely eliminate the "List All" function in your database.
As for html and ssi, I don't think that should cause a problem in a search. Only when adding a record.
------------------
JPD
May 8, 1999, 6:48 AM
User (172 posts)
May 8, 1999, 6:48 AM
Post #5 of 6
Views: 2317
JPDeni,
Thanks a mill....you really know DDBman inside out, don't you...? I meant to ask you, when do you sleep ..?
You've really taught me a lot, in here and it's more than just Perl. Now more than ever in my everyday life, I try to emulate the patience and willingness to help others that you I see you demonstrate here.
You set an excellent example of a true community leader.
Question,
I do not want to lose the List All function from the rest of the site, so could I say something like
if the * is in field 1 (the ID field) then process it else do not process it
The reason for this is that I plan to put a Category search on the home page as well, and I would like to have a "Show All" Option which does an * search on the ID field.
Any ideas ..?
Thanks a mill....you really know DDBman inside out, don't you...? I meant to ask you, when do you sleep ..?
You've really taught me a lot, in here and it's more than just Perl. Now more than ever in my everyday life, I try to emulate the patience and willingness to help others that you I see you demonstrate here.
You set an excellent example of a true community leader.
Question,
I do not want to lose the List All function from the rest of the site, so could I say something like
if the * is in field 1 (the ID field) then process it else do not process it
The reason for this is that I plan to put a Category search on the home page as well, and I would like to have a "Show All" Option which does an * search on the ID field.
Any ideas ..?
May 8, 1999, 7:48 AM
Veteran / Moderator (8669 posts)
May 8, 1999, 7:48 AM
Post #6 of 6
Views: 2333
Thank you for your nice words. You made my day!
LOL!! It varies. I don't have a set schedule at all, so I sleep when I'm tired and get up when I wake up. Sometimes I'm not tired until 6 am. Lately, I haven't been able to stay awake past 10 pm, which means I get up early. Besides, I like to keep people guessing.
Okay. You only want the "*" searches on the ID field. Hmmmmm.
I can't be sure this would work, 'cause I haven't tried it, but you could change
($in{$db_cols[$field]} eq "*") and ($tmpreg = ".*");
to
if ($field eq $db_key) {
($in{$db_cols[$field]} eq "*") and ($tmpreg = ".*");
}
Give 'er a try and see if it works.
------------------
JPD
Quote:
I meant to ask you, when do you sleep ..?LOL!! It varies. I don't have a set schedule at all, so I sleep when I'm tired and get up when I wake up. Sometimes I'm not tired until 6 am. Lately, I haven't been able to stay awake past 10 pm, which means I get up early. Besides, I like to keep people guessing.
Okay. You only want the "*" searches on the ID field. Hmmmmm.
I can't be sure this would work, 'cause I haven't tried it, but you could change
($in{$db_cols[$field]} eq "*") and ($tmpreg = ".*");
to
if ($field eq $db_key) {
($in{$db_cols[$field]} eq "*") and ($tmpreg = ".*");
}
Give 'er a try and see if it works.
------------------
JPD