Completely OT

Lie Ryan lie.1296 at gmail.com
Mon Nov 30 20:17:15 CET 2009


On 12/1/2009 5:00 AM, inhahe wrote:
> On Mon, Nov 30, 2009 at 12:58 PM, inhahe<inhahe at gmail.com>  wrote:
>> On Mon, Nov 30, 2009 at 12:49 PM, Victor Subervi
>> <victorsubervi at gmail.com>  wrote:
>>>
>>>
>>> If I'm not mistaken, that won't help me actually print to screen the user's
>>> choices as he selects them, which in my application, is important. Please
>>> advise.

That's where Javascript kicks in. You only need to use the javascript to 
modify your document (visual effect); you won't need it to submit to the 
server (the real action).

>
> also don't forget to sanitize the data you receive before committing
> it to the database, or someone can hack the javascript and send an SQL
> injection attack

Or a XSS attack (Cross-site scripting). Basically, you want to check 
whether the string received by the server matches your own predefined 
list of colors before storing to the database.



More information about the Python-list mailing list