i've searched here and in the FAQ and can't find an answer. is there a way to prevent a user from including html tags in a field such as <a href = .... etc. thanks
i'm having a problem. i have one field (external text field mod) that i am allowing html in only one database. i have a flag in cfg called $allow_html. i am able to add a new record with the tag. but when i modify the record it removes the tag. can you see what's wrong? here's my parse:
I have a form in my db that uses JavaScript to calculate totals, etc. Every now and then someone will put in a space or some other character that causes the JavaScript to break. JavaScript returns NaN ("not a number" if i'm not mistaken) when it's given something like 2 + A = NaN (instead of 2 + 2 = 4). The invalid number causes another db to crash when it finds something other than a number in the field (upon importing the data into the new db).
As for the other item... I can only troubleshoot by process of elimination... lemme play with a copy of mine and see (unless someone else spots it - it'll prolly be obvious to anyone who knows perl but I'm a hacker not a programmer so I can only hack at it. ha ha).
no luck. i don't understand why it would ignore the unless statement. i've had problems before with scripts ignoring require statements inside conditions but i think i've read why and it made sense. but i don't see why it would ignore substitutions!
I was thinking that if they were "using strict" then maybe it was ignoring undeclared variables, but that doesn't seem to be the case... try adding "use warnings;" under the she-bang in db.cgi and see if it squawks about anything.
i typed use warnings; under the first line and i got a server error. i added -w to the shebang and it ran ok but i didn't get any warnings. was this correct?
The best I can tell is that the parse_form sub runs before anything else happens... if you move it to validate_record then you'd have the option of giving specific error messages for specific records such as "please don't use html tags, etc." as opposed to just silently stripping them from the form input. Not sure if that'd create any security holes or not?
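One way to do the per-record check discussed in this thread, as an added example that is not part of any post and not the script's own code: it rejects markup with a specific message instead of silently stripping it, runs the same rule for add and modify, validates numeric fields on the server rather than trusting the JavaScript, and escapes values on output. The names `check_record`, `html_escape`, `%html_fields`, `%numeric_fields` and the field names are hypothetical; only the `$allow_html` flag comes from the thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical configuration, modelled on the $allow_html flag from the thread.
my $allow_html     = 0;                   # per-database switch
my %html_fields    = (Description => 1);  # fields that may carry markup when the switch is on
my %numeric_fields = (Total => 1);        # fields that must hold a plain number

# Call this from both the add and the modify path so the two cannot disagree.
# Returns a list of error messages; an empty list means the record is acceptable.
sub check_record {
    my (%rec) = @_;
    my @errors;
    for my $field (sort keys %rec) {
        my $value   = defined $rec{$field} ? $rec{$field} : '';
        my $html_ok = $allow_html && $html_fields{$field};
        # Refuse any angle bracket rather than trying to recognise "real" tags:
        # stricter than needed (it also refuses "2 < 3") but hard to get wrong.
        if (!$html_ok && $value =~ /[<>]/) {
            push @errors, "$field: please don't use html tags";
        }
        # Server-side number check; client-side JavaScript can be bypassed or break.
        if ($numeric_fields{$field} && $value !~ /\A-?\d+(?:\.\d+)?\z/) {
            push @errors, "$field: must be a number";
        }
    }
    return @errors;
}

# Escape on output as well, so a value that slipped in earlier is shown as text.
sub html_escape {
    my ($text) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $text =~ s/([&<>"'])/$ent{$1}/g;
    return $text;
}

# Constructed sample record, not taken from the thread.
my %in = (
    Name        => 'Bob',
    Description => '<a href="http://example.com">x</a>',
    Total       => '2 + A',
);
print "$_\n" for check_record(%in);
print html_escape($in{Description}), "\n";
```

Fields listed in `%html_fields` are printed without escaping when `$allow_html` is on, so that switch should only be enabled for a database whose editors are trusted.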