I am writing cgi to edit a list of values obtained from a database which
on form submission is progaged back to a database. How is this usually
done such that end-user can only change the values presented?
For example, given the following table ("tbl"), I only want the end-user
to change row 1 and 3 for a run of my cgi:
id txt
1 hello
2 sweet
3 world
with the form looking something like this:
<input name="a" value="hello"/>
<input name="b" value="world"/>
(1) One solution would be to keep a record of what to expect back, e.g.
(session_id, a, b) either in the cgi with the help of backend storage or
in database middleware. (2) Another solution would be to keep record in
a hidden field of the page itself e.g. (a, b, hmac(a+b, secret))
If the value of id is interesting, a and b could be unique values that
map to the real ids.
/Allan
--
Allan Wind
P.O. Box 2022
Woburn, MA 01888-0022
USA
- application/pgp-signature attachment: stored
Received on Oct 29 2002
Intro
