[FX.php List] Using key other than RECID

Jonathan Schwartz jonathan at eschwartz.com
Sun Sep 25 12:21:59 MDT 2005 

>Jonathan,
>
>To respond to your emails in the order received;
>
>1.  the / at the end of the <input> tag in the previous example I sent to
>you is to ensure that the code is valid XHTML. Many tags have an opening and
>a closing tag, eg <html></html>, <p></p>, <form></form>, however the <input>
>tag does not, so to ensure valid code it becomes 'self-closing' by inserting
>the / after the parameters.  Other similar tags include <br /> and <hr />
>etc.
>

That makes sense.
Thank you!

>2.  the 'locking up' is not good...first off I'd ensure that you have all of
>the 'upgrades' available for which ever version of FM you're running...I've
>seen similar experiences described previously which have been remedied,
>particularly with the latest version of the Web companion plugin (assuming
>you're on <v6)
>

Right on the money.  I had to update Web Companion.  Assume that that 
will solve that issue.

>3.  I know there were a couple of suggestions made last time you asked a
>similar question...the simplest one to implement at this point was the
>suggestion someone made to use a php include, to simply 'include'
>details.php, with the correct recID passed to it in the php source, into
>your login_validate page.

You got me.  You're right.  Your original response to my original 
request with this project was to create what I then considered to be 
a more complex solution than I could work with at the time.  It 
seemed easier to learn and work with single-purpose pages 
(Logon/Logon Response/Detail/Edit/Edit Response/End), so I put your 
solution aside and did the discrete way.  The good news is that I've 
developed a MUCH better sense of what is going on. The bad news is 
that I face the original issue of passing recid from page to page, 
compromising security.

For the sake of security, I think that I'm ready to re-consider your 
solution, now that I have a better feel of FX.PHP and what is 
supposed to happen.  I can already see that someone breached my 
solution overnite, editing the first record in the file...probably 
not a co-incidence. ;-)

I will email you the files off list.

Thanks for your help.

Jonathan
>
>The more complex solution would in fact be to build your entire solution
>into just one page, (which is how I'd have approached this), then rather
>than posting back to different php docs each time, you'd post back to the
>same page, but pass an additional parameter (perhaps called 'action') which
>the page would then use to determine what to do...within the page you could
>use the 'switch' command (see php manual) to switch to the different blocks
>of code you've already written...the advantage of that is you can change the
>value of 'action' post processing within the page to display different
>information... It's Sunday morning here in Australia, and I'm off sailing
>for the day...if you're interested I'll try and put together a demo for you
>this evening if you send me your source files...
>
>Hope this helps...
>
>Cheers
>Steve
>
>>  Hello again.
>>
>>  Last on the list of important enhancements to include in my first
>>  solution is to change the key field used to get from page to page.  I
>>  am currently using recid, which appears on the URL.  Since this is
>>  generated by FMP and is sequential, it is easy to guess the next
>>  RECID and view another person's record.
>>
>>  I am using session.fp5 for the logon page and index.php page (copied
>>  from "Dogwalk"].  User is arriving to logon.php with user name and
>>  password.  After that, the solution uses recid through the rest of
>>  the screens: Detail.....Edit....Review...End.
>>
>>  I understand that I can use SessionID, which will be invisible on the
>>  URL.
>>
>>  Is this the way to go, or is there a better method?
>>
>>  Here's the URL if you'd like to look:
>>
>>  http://64.81.72.113/mvsd2/logon.php   Test Username and password are
>>  shown.
>>
>>  Would be happy to post code.  Thanks!
>>
>>  Jonathan
>>  --
>>
>>  Jonathan Schwartz
>>  Schwartz & Company
>>  817 Marin Drive
>  > Mill Valley, CA 94941
>>  Phone: 415-381-1852
>>  jonathan at eschwartz.com - http://www.eschwartz.com
>>
>>  _______________________________________________
>>  FX.php_List mailing list
>>  FX.php_List at mail.iviking.org
>>  http://www.iviking.org/mailman/listinfo/fx.php_list
>
>
>_______________________________________________
>FX.php_List mailing list
>FX.php_List at mail.iviking.org
>http://www.iviking.org/mailman/listinfo/fx.php_list


-- 

Jonathan Schwartz
Schwartz & Company
817 Marin Drive
Mill Valley, CA 94941
Phone: 415-381-1852
jonathan at eschwartz.com - http://www.eschwartz.com

More information about the FX.php_List mailing list