Announcement

#2 · 02-10-05, 05:06 PM

Editing records

Bad syntax - missing quotes. Also avoid using macros - with the code you
use, I can go to your website and immediately download all your files from
both data and script directories. I can also install Trojans, delete or
modify your files and much more. Additionally, it is wise to always use the
full scope when referring to a variable - in this case the database alias.

It should look like this:

<input name="ed_cem" type="text" length="40" value="{yourAlias.d.cem}">

Ivo
http://mivo.truxoft.com

-----Original Message-----
From: Sandy Rozhon

I'm trying to edit a record in my database but for some reason if a
field has more than one word in it, I'm losing the rest. The method
I've chosen uses this inside of FORM tags:

<td><INPUT NAME=ed_cem TYPE=Text length=40 value=&[d.cem]> </td>

If the db holds "Saint Mary's Cemetery" in d.cem, only "Saint" shows
up in the Input field and if you don't notice it because you are
changing some other field, the db ends up with only "Saint" and
everything else is lost.

Any suggestions?
Sandy

#3 · 02-10-05, 05:11 PM

Editing records

Actually, you should also use encodeentities() - either when storing the
collected user value into the database or when displaying it:

<MvASSIGN NAME="yourAlias.d.cem" VALUE="{encodeentities(g.ed_cem)}">
<MvUPDATE NAME="yourAlias">

Or

<input name="ed_cem" type="text" length="40" value="{
encodeentities(yourAlias.d.cem)}">

This will avoid that somebody injects JavaScript, or other active or passive
HTML components.

Ivo
http://mivo.truxoft.com

-----Original Message-----
From: Ivo Truxa [mailto:[email protected]]
Sent: Friday, February 11, 2005 2:07 AM
To: 'Sandy Rozhon'; '[email protected]'
Subject: RE: [meu] Editing records

Bad syntax - missing quotes. Also avoid using macros - with the code you
use, I can go to your website and immediately download all your files from
both data and script directories. I can also install Trojans, delete or
modify your files and much more. Additionally, it is wise to always use the
full scope when referring to a variable - in this case the database alias.

It should look like this:

<input name="ed_cem" type="text" length="40" value="{yourAlias.d.cem}">

Ivo
http://mivo.truxoft.com

-----Original Message-----
From: Sandy Rozhon

I'm trying to edit a record in my database but for some reason if a
field has more than one word in it, I'm losing the rest. The method
I've chosen uses this inside of FORM tags:

<td><INPUT NAME=ed_cem TYPE=Text length=40 value=&[d.cem]> </td>

If the db holds "Saint Mary's Cemetery" in d.cem, only "Saint" shows
up in the Input field and if you don't notice it because you are
changing some other field, the db ends up with only "Saint" and
everything else is lost.

Any suggestions?
Sandy

#4 · 02-10-05, 05:44 PM

Editing records

> <input name="ed_cem" type="text" length="40" value="{encodeentities(yourAlias.d.cem)}">

and 'length' should be 'size'

--
Bill Guindon (aka aGorilla)

#5 · 02-11-05, 04:27 PM

Editing records

TEXTAREA displays whatever you put between the tags, so there is no reason
it would not display the variable if printed with MvEVAL. Do not forget to
use encodeentities():

<textarea...><MvEVAL EXPR="{encodeentities(alias.d.var)}"></textarea>

PS: when replying, please use the Reply to All button, instead of sending
just a private reply, unless you have a specific reason for doing so - i.e.
when sending sensitive private information :)

Ivo
http://mivo.truxoft.com

-----Original Message-----
From: Sandy Rozhon [mailto:[email protected]]

Thank you, Ivo.

Another question on a related theme. I want to allow for editing a
memo field using a similar method as I have below. INPUT doesn't
give me but one line. TEXTAREA gives me a box but doesn't seem to
display what I have in the memo field. Surely there must be a way to
let me edit the field?

Sandy

On 11 Feb 2005 at 2:06, Ivo Truxa wrote:

> Bad syntax - missing quotes. Also avoid using macros - with the code you
> use, I can go to your website and immediately download all your files from
> both data and script directories. I can also install Trojans, delete or
> modify your files and much more. Additionally, it is wise to always use
the
> full scope when referring to a variable - in this case the database alias.
>
> It should look like this:
>
> <input name="ed_cem" type="text" length="40" value="{yourAlias.d.cem}">
>
>
> Ivo
> http://mivo.truxoft.com
>
>
> -----Original Message-----
> From: Sandy Rozhon
>
> I'm trying to edit a record in my database but for some reason if a
> field has more than one word in it, I'm losing the rest. The method
> I've chosen uses this inside of FORM tags:
>
> <td><INPUT NAME=ed_cem TYPE=Text length=40 value=&[d.cem]> </td>
>
> If the db holds "Saint Mary's Cemetery" in d.cem, only "Saint" shows
> up in the Input field and if you don't notice it because you are
> changing some other field, the db ends up with only "Saint" and
> everything else is lost.
>
> Any suggestions?
> Sandy

#6 · 02-11-05, 04:33 PM

Editing records

On 12 Feb 2005 at 1:27, Ivo Truxa wrote:

> TEXTAREA displays whatever you put between the tags, so there is no reason
> it would not display the variable if printed with MvEVAL. Do not forget to
> use encodeentities():
>
> <textarea...><MvEVAL EXPR="{encodeentities(alias.d.var)}"></textarea>

So it would appear....now if I had spelled my db field properly, it
probably would have worked immediately and I wouldn't have had to
ask. <embarrassed shrug>

Thanks,
Sandy

Announcement

Editing records

Editing records

Comment

Comment

Comment

Comment

Comment