Completely OT
Lie Ryan
lie.1296 at gmail.com
Mon Nov 30 14:17:15 EST 2009
On 12/1/2009 5:00 AM, inhahe wrote:
> On Mon, Nov 30, 2009 at 12:58 PM, inhahe<inhahe at gmail.com> wrote:
>> On Mon, Nov 30, 2009 at 12:49 PM, Victor Subervi
>> <victorsubervi at gmail.com> wrote:
>>>
>>>
>>> If I'm not mistaken, that won't help me actually print to screen the user's
>>> choices as he selects them, which in my application, is important. Please
>>> advise.
That's where JavaScript kicks in. You only need to use the JavaScript to
modify your document (visual effect); you won't need it to submit to the
server (the real action).
>
> also don't forget to sanitize the data you receive before committing
> it to the database, or someone can hack the javascript and send an SQL
> injection attack
Or an XSS attack (Cross-site scripting). Basically, you want to check
whether the string received by the server matches your own predefined
list of colors before storing to the database.
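
Added example, not part of the original message: a server-side allowlist check of the kind described above, combined with a parameterized insert. The color set, the `choices` table and the function names are assumptions made for illustration, and the tampered inputs are constructed samples.

```python
import sqlite3

# Assumed predefined list; the thread does not say which colors the form offers.
ALLOWED_COLORS = frozenset({"red", "green", "blue", "black", "white"})


def validate_colors(submitted):
    """Return de-duplicated colors if every value is on the allowlist, else raise."""
    if not isinstance(submitted, (list, tuple)):
        raise ValueError("expected a list of color names")
    cleaned = []
    for value in submitted:
        # Exact match only: no case folding, trimming or "fixing" of bad input.
        if not isinstance(value, str) or value not in ALLOWED_COLORS:
            raise ValueError("color not in predefined list: %r" % (value,))
        if value not in cleaned:
            cleaned.append(value)
    return cleaned


def store_choices(conn, user_id, submitted):
    """Validate first, then insert with bound parameters (never string-built SQL)."""
    colors = validate_colors(submitted)  # raises before anything touches the DB
    with conn:  # commits on success, rolls back on error
        conn.executemany(
            "INSERT INTO choices (user_id, color) VALUES (?, ?)",
            [(user_id, color) for color in colors],
        )
    return colors


def demo():
    """Run one honest submission and three constructed tampered ones."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE choices (user_id INTEGER, color TEXT)")
    results = {"ok": store_choices(conn, 1, ["red", "blue", "red"])}
    tampered = {
        "sql": ["red", "red'); DROP TABLE choices;--"],
        "markup": ["<script>alert(1)</script>"],
        "case": ["Red"],
    }
    for name, payload in tampered.items():
        try:
            store_choices(conn, 2, payload)
            results[name] = "stored"
        except ValueError:
            results[name] = "rejected"
    results["rows"] = conn.execute("SELECT user_id, color FROM choices").fetchall()
    return results
```

Because validation rejects the whole submission before the insert runs, a request that mixes one valid color with one tampered value stores nothing.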