NetTalk Central
NetTalk Web Server => Web Server - Ask For Help => Topic started by: Matthew51 on July 31, 2009, 02:40:17 PM
-
I use a form that allows users to register themselves with the web site. However, a clever individual could use this same form to view or even change the information of other users.
What is the best way to prevent this kind of action?
-
Hi Matthew,
In the top embed point test p_stage for the preupdate and predelete possibilities, and return out.
(right-click, choose source, and look at the code generated at the top of the form.)
Cheers
Bruce
-
I tried this by putting the following code in at the start of the processed code:
    if band(p_stage, Net:CopyRecord) = Net:CopyRecord or |
       band(p_stage, Net:ChangeRecord) = Net:ChangeRecord or |
       band(p_stage, Net:DeleteRecord) = Net:DeleteRecord
      Return -3
    end
It still opened up the form to change a record.
I tested the value of p_stage. Without the return statement I get the following sequence:
8192
16384
8192
1026
0
With return -3 I get:
8192
16384
8192
1026
0
8192
16384
8192
1025
-
I've tried a slightly different idea that looks to be working. In the same embed I put:
    if p_web.IfExistsValue('Change_btn') and p_web.getvalue('Change_btn') <> 'Insert'
      return -3
    end
-
Hi Matthew,
I think you've shown this is harder than it needs to be. I'm adding some code to NT 5 to let you specifically remove Insert or Change behaviour on a form. If the respective code is simply not generated then that's probably the safest approach.
Alas though, the change is too major to get into version 4.
Cheers
Bruce