Hello
I am working with an external perl script. I can submit something like
this:
<form target="mycart" action="https://www.website.com/cgi-bin/"
method="post">
<input type="image" src="https://www.website.com/btn/click-but.gif"
border="0"
name="submit" alt="Make payments with website!">
<input type="hidden" name="add" value="1">
<input type="hidden" name="cmd" value="_cart">
<input type="hidden" name="business" value="on****@m ydomain.com">
<input type="hidden" name="item_name " value="Widget 1 User (GB)">
<input type="hidden" name="item_numb er" value="Widget1U K">
<input type="hidden" name="amount" value="30.00">
<input type="hidden" name="no_shippi ng" value="1">
<input type="hidden" name="currency_ code" value="GBP">
<input type="hidden" name="lc" value="GB">
Then I stick a button on my web page and that is fine.
But I would rather make this dynamic. Eg I would have a dropdown box where
user could select eg 1, 2, 3 etc User and amount would then be different
value. Then when I post to the cart I can send the relevant amount,
item_name, etc.
I can create the dropdown no problem but how do I make sure the dynamically
selected values are sent to mycart? eg rather than using:
<input type="hidden" name="amount" value="30.00"> - which is static, I will
have a variable called amount, where I dynamically set the vlaue.
Angus Comber
6  3905 
"Angus Comber" <an***@NOSPAMit eloffice.com> wrote: <form target="mycart"
Target Attribute Considered Harmful. It either opens a new window, or
you are playing with frames. Both are _bad_. Don't do target, mm'kay?
<input type="image" src="https://www.website.com/btn/click-but.gif"
Image Submit Buttons Considered Harmful. They win nothing but esthetics
in the deeziner's eye, and they imply accessibility problems.
<input type="hidden" name="amount" value="30.00">
Fine. Now I create a copy of your form, edit that element to contain,
say, value="0.00", and order some stuff for free. If your script
detects that, good for you. But then you didn't need that hidden field
in the first place, did you?
But I would rather make this dynamic. Eg I would have a dropdown
box where user could select eg 1, 2, 3 etc User and amount would
then be different value.
And what would be the problem with that, apart from the obvious?
(The obvious part is that it is easier to users to type a number than
to select an item from a dropdown list.)
I can create the dropdown no problem but how do I make sure the
dynamically selected values are sent to mycart?
You can't, of course. HTML is no programming language. It's a poor
lonesome data format.
As usual, there will probably be someone who tells you to use
JavaScript. I wish I were a more dishonest person and took advantage of
such situations, ordering 1,000,000 widgets for the price of one simply
by disabling scripting on my browser.
--
Yucca, http://www.cs.tut.fi/~jkorpela/
Pages about Web authoring: http://www.cs.tut.fi/~jkorpela/www.html
Are you saying I need to do this in something like perl?
Angus
"Jukka K. Korpela" <jk******@cs.tu t.fi> wrote in message
news:Xn******** *************** ******@193.229. 0.31... "Angus Comber" <an***@NOSPAMit eloffice.com> wrote:
<form target="mycart"
Target Attribute Considered Harmful. It either opens a new window, or
you are playing with frames. Both are _bad_. Don't do target, mm'kay?
<input type="image" src="https://www.website.com/btn/click-but.gif"
Image Submit Buttons Considered Harmful. They win nothing but esthetics
in the deeziner's eye, and they imply accessibility problems.
<input type="hidden" name="amount" value="30.00">
Fine. Now I create a copy of your form, edit that element to contain,
say, value="0.00", and order some stuff for free. If your script
detects that, good for you. But then you didn't need that hidden field
in the first place, did you?
But I would rather make this dynamic. Eg I would have a dropdown
box where user could select eg 1, 2, 3 etc User and amount would
then be different value.
And what would be the problem with that, apart from the obvious?
(The obvious part is that it is easier to users to type a number than
to select an item from a dropdown list.)
I can create the dropdown no problem but how do I make sure the
dynamically selected values are sent to mycart?
You can't, of course. HTML is no programming language. It's a poor
lonesome data format.
As usual, there will probably be someone who tells you to use
JavaScript. I wish I were a more dishonest person and took advantage of
such situations, ordering 1,000,000 widgets for the price of one simply
by disabling scripting on my browser.
--
Yucca, http://www.cs.tut.fi/~jkorpela/
Pages about Web authoring: http://www.cs.tut.fi/~jkorpela/www.html
Angus Comber wrote: Hello
I am working with an external perl script. I can submit something like
this:
<form target="mycart" action="https://www.website.com/cgi-bin/"
method="post">
<input type="image" src="https://www.website.com/btn/click-but.gif"
border="0"
name="submit" alt="Make payments with website!">
<input type="hidden" name="add" value="1">
<input type="hidden" name="cmd" value="_cart">
<input type="hidden" name="business" value="on****@m ydomain.com">
<input type="hidden" name="item_name " value="Widget 1 User (GB)">
<input type="hidden" name="item_numb er" value="Widget1U K">
<input type="hidden" name="amount" value="30.00">
<input type="hidden" name="no_shippi ng" value="1">
<input type="hidden" name="currency_ code" value="GBP">
<input type="hidden" name="lc" value="GB">
Then I stick a button on my web page and that is fine.
But I would rather make this dynamic. Eg I would have a dropdown box
where user could select eg 1, 2, 3 etc User and amount would then be
different
value. Then when I post to the cart I can send the relevant amount,
item_name, etc.
I can create the dropdown no problem but how do I make sure the
dynamically
selected values are sent to mycart? eg rather than using:
<input type="hidden" name="amount" value="30.00"> - which is static, I
will have a variable called amount, where I dynamically set the vlaue.
Just remove the hidden 'amount' element and replace it by a <select> with
the same name, e.g.
<select name="amount">
<option value="1.00">On e</option>
<option value="10.00" selected="selec ted">Some</option>
<option value="100.00"> Many</option>
</select>
The CGI script does not know and does not care from what kind of form
control the amount value comes from.
--
Benjamin Niemann
Email: pink at odahoda dot de
WWW: http://www.odahoda.de/
Jukka K. Korpela wrote: "Angus Comber" <an***@NOSPAMit eloffice.com> wrote:
<input ... alt="Make payments with website!">
It's PayPal, obviously. ;)
<input type="hidden" name="amount" value="30.00">
Fine. Now I create a copy of your form, edit that element to contain,
say, value="0.00", and order some stuff for free. If your script
detects that, good for you. But then you didn't need that hidden field
in the first place, did you?
I take it you're not familiar with the PayPal shopping cart.
This is a downside of using the PayPal cart. PayPal doesn't have any
"product" info except what is sent to it via form fields. PayPal does
have an encrypted form data option, but it doesn't work dynamically.
Thus if PayPal is generating the customer receipts, there aren't many
choices.
On the upside is that the PayPal cart isn't likely to be used for any
kind of high volume business, so it's unlikely a cheater trying to get
something for free would go unnoticed. The seller could just cancel the
transaction. It isn't ideal, but is usable (for the seller).
Now you know. :)
--
Reply email address is a bottomless spam bucket.
Please reply to the group so everyone can share.
Angus Comber wrote:
I am working with an external perl script. I can submit something like
this:
<form target="mycart" action="https://www.website.com/cgi-bin/"
method="post">
<input type="image" src="https://www.website.com/btn/click-but.gif"
border="0" name="submit" alt="Make payments with website!">
<input type="hidden" name="add" value="1">
[...]
But I would rather make this dynamic. Eg I would have a dropdown box where
user could select eg 1, 2, 3 etc User and amount would then be different
value. Then when I post to the cart I can send the relevant amount,
item_name, etc.
Do the dynamic part before arriving at this page. Use server-side
scripting to verify and alter the values accordingly.
As Jukka pointed out, though, your use of hidden fields makes it easy
to send a modified form with all sorts of interesting entries. You'd be
more secure against such an attack using a server-side data store (flat
file, database) to hold the customer state info, and to generate and send
the page to the cart.
--
jmm dash list (at) sohnen-moe (dot) com
(Remove .AXSPAMGN for email)
"Angus Comber" <an***@NOSPAMit eloffice.com> wrote: Are you saying I need to do this in something like perl?
Comprehensive quoting is a sure sign of lack of comprehensive reading.
Please read what I wrote, instead of quoting everything. If problems
remain, indicate which part you didn't understand, and ask a specific
well-formulated question.
But yes, that's more or less what I'm saying: you need to understand
how forms work. See http://www.cs.tut.fi/~jkorpela/forms/ for clues.
--
Yucca, http://www.cs.tut.fi/~jkorpela/
Pages about Web authoring: http://www.cs.tut.fi/~jkorpela/www.html This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: mark.reichman |
last post by:
First off.. Thanks to Grant Wagner for help in a previous thread
related to this one.
I am at a total loss... I have multiple fields in a form with the
same name. Lets call the fields with the same name "junk_array". My
first field of junk_array is a input type=hidden. All the others
fields in junk_array that follow are type=text. I can reference this
first hidden field in IE with document.form.field.value. In, fact
my form works...
|
by: Roy Adams |
last post by:
Hi I'm reposting this question because for some reason can't post
follow up question to this thread.
What I'm trying to do is put the value and text from a a select in to
a text field and to a hidden field respectfully and the value from
dynamically created hidden fiields in to a text fieldin to a text
field all at the same time
Here's the code as viewed through the browser
<body bgcolor="#FFFFFF" text="#000000" >
<SCRIPT...
|
by: Randell D. |
last post by:
Folks,
I have a large amount of values to store (we're talking tens, if not
hundreds of bytes). I need this for a client side application - ignore
the security consequences for the moment - however my question is, which
is more performance effective, or easier on a clients resources?
I mean - if I have several <input type=hidden> tags with my values that
I can reference, would this have a greater overhead then, for example,
having an...
|
by: Mark McLellan |
last post by:
Dear all
Following the oft-repeated advice here and ciwas I have made my site
nearly 4.01 strict (working on it). There are some items on which I would
appreciate your advice:
1. Hidden fields
http://www.zoo.co.uk/~mmenterprises/contact.htm
I am using FormMail from Matt's Script Archive. The W3C validator
objected to the hidden fields unless I put, say, P round them. That gave
|
by: John |
last post by:
Hello.
I have a search form for music albums which among other things I need to
search all the song titles of the song. Normally in a search form I would
have checkboxes the user can use to select whether or not to search a given
field.
In this case it is not practical to have 20 checkboxes (each album can have
up to 20 song titles).
| | |
by: Microsoft_Public |
last post by:
All I'm getting is <null>......
I have a legacy input form that I must maintain for a few more months until
the balance of the site can be converted to .Net.
I need the one database field to contain either 0, 1, 2.
The form has 2 pairs of radio button fields.
If the answer to the first Q is Yes value = 1
|
by: BcNexus |
last post by:
Hello all,
The search function of this forum isn't working although I found a similar question on the forum using Google, but the replies don't help me. So, forgive me please if this has been answered before.
I have a cgi program in Python that genereates an HTML page with a form with hidden fields whose values are set via the following:
##Print hidden "usernameH", "passwordH", "timeH", "checksumH", and toPageH, fields with value attribs...
|
by: mark |
last post by:
Forgive me if this seems like a stupid question but I need help...
I'm trying to do a simple online form that emails me the results from
a few fields.
Here is the code:
<form action="http://cm1web1/WebSurveyComponents/script/
processform.asp" method="post">
|
by: dba |
last post by:
using the following code with a problem....
echo "<input type='hidden' name='member_id' value=\"{$row}\">{$row}";
echo "<input type='radio' name='member_name'
value=\"{$row}\">{$row}<br />";
The post_data.php program posts the following
member id is: 0009
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
| | |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
