Completely OT

geremy condra debatem1 at gmail.com
Mon Nov 30 18:40:41 EST 2009


On Mon, Nov 30, 2009 at 1:21 PM, Victor Subervi <victorsubervi at gmail.com> wrote:
> On Mon, Nov 30, 2009 at 2:00 PM, inhahe <inhahe at gmail.com> wrote:
>>
>> On Mon, Nov 30, 2009 at 12:58 PM, inhahe <inhahe at gmail.com> wrote:
>> > On Mon, Nov 30, 2009 at 12:49 PM, Victor Subervi
>> > <victorsubervi at gmail.com> wrote:
>> >>
>> >>
>> >> If I'm not mistaken, that won't help me actually print to screen the
>> >> user's
>> >> choices as he selects them, which in my application, is important.
>> >> Please
>> >> advise.
>> >> TIA,
>> >> V
>> >
>> >
>> > sure, that's where this part comes in:
>> >
>> > the javascript would populate the list for the colors the user selects
>> > (the easiest way would probably be to give the list an id and use
>> > getElementById())
>> >
>> > so basically you'd define, e.g., an onClick="blah('red'); return true"
>> > within the red element's tag, and then define a function blah(x) that
>> > says
>> > document.getElementById("my_list_id").innerHTML += "<br>" + x;
>> > and of course give your list textarea an id="my_list_id" attribute in
>> > the tag.
>> >
>> > that could be slightly wrong, my javascript's rusty
>> >
>>
>> also don't forget to sanitize the data you receive before committing
>> it to the database, or someone can hack the javascript and send an SQL
>> injection attack
>
> Good call! However, in my case I can put this all behind a firewall. It's
> only for the shop builder's use, and that's my client...whom I can track!
> But I presume this would entail doing searches for and eliminating all
> unnecessary characters, right?
> V

Don't homebrew these things, they're easy to screw up and disastrous
to get wrong. Also, if you're worried about how secure something
you've written is, you can give yourself a little peace of mind by
running over it with some of the standard script kiddie tools before
deployment. It'll at least give you the comfort of knowing that they
won't be able to autopwn you for a while.

Geremy Condra
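
The advice in this thread, as an added example that is not part of the original messages: instead of stripping characters by hand, check the submitted color against a server-side allow-list and let the database driver bind the value. The `choices` and `notes` tables, the palette and all function names are hypothetical, and the inputs are constructed samples.

```python
import sqlite3

# Assumption: the palette is a fixed server-side list (hypothetical values).
ALLOWED_COLORS = {"red", "green", "blue"}

def homebrew_strip(value):
    """Character blacklist, shown only for comparison."""
    for ch in "';-":
        value = value.replace(ch, "")
    return value

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE choices (color TEXT NOT NULL)")
    conn.execute("CREATE TABLE notes (body TEXT NOT NULL)")
    return conn

def save_choice(conn, color):
    """Reject anything outside the allow-list, then bind the value."""
    if color not in ALLOWED_COLORS:
        raise ValueError("unknown color: %r" % (color,))
    conn.execute("INSERT INTO choices (color) VALUES (?)", (color,))

def save_note(conn, body):
    """Free text cannot be allow-listed; binding stores it verbatim."""
    conn.execute("INSERT INTO notes (body) VALUES (?)", (body,))

def demo():
    conn = open_db()
    save_choice(conn, "red")
    try:
        save_choice(conn, "red' --")  # constructed tampered form value
        rejected = False
    except ValueError:
        rejected = True
    note = "O'Brien's navy-blue; rush order"  # constructed sample input
    save_note(conn, note)
    stored = conn.execute("SELECT body FROM notes").fetchone()[0]
    colors = [r[0] for r in conn.execute("SELECT color FROM choices")]
    return rejected, colors, stored, homebrew_strip(note)

if __name__ == "__main__":
    print(demo())
```

The bound parameter round-trips the apostrophes, hyphen and semicolon unchanged, while the blacklist silently corrupts the same legitimate text.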


