Home > Archive > PERL CGI Beginners > March 2006 > newbie needs help on hidden and CGI parameters
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
newbie needs help on hidden and CGI parameters
|
|
| Mary Anderson 2006-03-09, 6:55 pm |
|
Hi all,
I have a login screen login.pl which calls another application
sampleEntry.pl. The login and password are passed to a multipage Sample
Entry program as CGI parameters
sampleEntry.pl?login=mylogin&password=mypassword.
These two parameters are used in one of the pages to login to a MySQL
database, and are passed back to sampleEntry.pl when that program is
reloaded to create a new record.
Hidden, which I am trying to use to pass these two parameters around, is
a complete mystery!
My previously reported performance degradation apparently came from
misusing hidden. In those days, there was just one application. Once I
learned I could use it to pass parameters to fields which appeared on one
page and not the other, I used it liberally throughout the program. It
appeared to have some very strange effects -- namely doubling the number of
fields each time it was used on a page on which the fields appeared! This
wrecked havoc with my performance.
Now, however, it is a complete mystery. I call sampleEntry with the
login and password, and work my way through the application until I get to
the page which connects with the database. At that point, it connects even
though I do
my $login = param(-name=>'Login');
my $password = param(-name=>'Password');
print "login = $login",
hr;
print "password = $password",
hr;
$DBH = DBI->connect("dbi:mysql:meadowRue:localhost", "$login", "$password");
just before doing the database connect.
Output; login =
password =
But the database connects!!!!
Then, when I try to pass the value of login back to sampleEntry, which is
being reloaded to start a new record, the value of $login is seen to in
fact be null.
How should I be passing these parameters? SampleEntry has multiple pages
but no explicit Login or Password textfields.
Thanks
| |
| Sean Davis 2006-03-09, 6:55 pm |
| You realize that "hidden" fields are not hidden, right? You just have to
view the source of the page in which they are embedded and you now know the
username and password, and that with every round-trip to the server, this
information is sent in plain-text (unless you are using SSL)? I would read
up on using sessions to store these types of sensitive information.
As for why you can login with empty username and password, is it possible
that your mysql allows that from localhost? You may want to check on that.
Sean
On 3/9/06 11:41 AM, "Mary Anderson" <mfanderson@ucdavis.edu> wrote:
>
> Hi all,
> I have a login screen login.pl which calls another application
> sampleEntry.pl. The login and password are passed to a multipage Sample
> Entry program as CGI parameters
>
> sampleEntry.pl?login=mylogin&password=mypassword.
>
> These two parameters are used in one of the pages to login to a MySQL
> database, and are passed back to sampleEntry.pl when that program is
> reloaded to create a new record.
>
> Hidden, which I am trying to use to pass these two parameters around, is
> a complete mystery!
>
> My previously reported performance degradation apparently came from
> misusing hidden. In those days, there was just one application. Once I
> learned I could use it to pass parameters to fields which appeared on one
> page and not the other, I used it liberally throughout the program. It
> appeared to have some very strange effects -- namely doubling the number of
> fields each time it was used on a page on which the fields appeared! This
> wrecked havoc with my performance.
>
> Now, however, it is a complete mystery. I call sampleEntry with the
> login and password, and work my way through the application until I get to
> the page which connects with the database. At that point, it connects even
> though I do
>
> my $login = param(-name=>'Login');
> my $password = param(-name=>'Password');
> print "login = $login",
> hr;
> print "password = $password",
> hr;
>
> $DBH = DBI->connect("dbi:mysql:meadowRue:localhost", "$login", "$password");
>
>
> just before doing the database connect.
>
> Output; login =
> password =
>
> But the database connects!!!!
>
> Then, when I try to pass the value of login back to sampleEntry, which is
> being reloaded to start a new record, the value of $login is seen to in
> fact be null.
>
> How should I be passing these parameters? SampleEntry has multiple pages
> but no explicit Login or Password textfields.
>
> Thanks
>
>
|
|
|
|
|