[Tutor] Design suggestion - is a cookie the answer?
alan.gauld at freenet.co.uk
Mon Jan 16 02:12:40 CET 2006
> I'm sure this is implied in Alan's post, but I'm going to point it out
> To avoid further cheating you might want to sure there is no way to
> button and a form with an 'onSubmit' validation. Which some examples
> browser and bypass your validation.
Nope that wasn't implied in my post. I confess I just rely on
> way of doing it, then so be it. Will the URL intervene in just
> presenting a URL to the browser?
The onValidate technique just does a check before sending
and if it returns false doesn't send. The onClick method
actually requires you to explicitly submit the form to the
URL, that's why it's more secure.
> One of the 'cheats' was just putting the cursor within the
> pick this up as well?
picks up the explicit events you register with it(*). One of
the problems of using CGI is the ese of frigging it. I assume
you are using GET instead of POST? GET is the default
submission method but POST is nearly always better and
should avoid the problem here. (I think, I haven't tried it!)
(*)Not really true it will execute any inline code too.
But it won't trigger to events that have not been registered,
like a direct address refresh.
it ois of course only one way to do it. You could add code
in your CGI that simply checks that all answers are filled
in before responding, but that means a longer delay in
response. In general where you want to validate that a form
has been filled in its a better user experience to do it in
Author of the learn to program web tutor
More information about the Tutor