Hidden name= fields question

Hello

I am working with an external perl script. I can submit something like
this:

<form target="mycart" action="https://www.website.com/cgi-bin/" method="post">
<input type="image" src="https://www.website.com/btn/click-but.gif" border="0" name="submit" alt="Make payments with website!">
<input type="hidden" name="add" value="1">
<input type="hidden" name="cmd" value="_cart">
<input type="hidden" name="business" value="on****@mydomain.com">
<input type="hidden" name="item_name" value="Widget 1 User (GB)">
<input type="hidden" name="item_number" value="Widget1UK">
<input type="hidden" name="amount" value="30.00">
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="currency_code" value="GBP">
<input type="hidden" name="lc" value="GB">

Then I stick a button on my web page and that is fine.

But I would rather make this dynamic. Eg I would have a dropdown box where
user could select eg 1, 2, 3 etc User and amount would then be different
value. Then when I post to the cart I can send the relevant amount,
item_name, etc.

I can create the dropdown no problem but how do I make sure the dynamically
selected values are sent to mycart? eg rather than using:

<input type="hidden" name="amount" value="30.00"> - which is static, I will
have a variable called amount, where I dynamically set the value.

Angus Comber
Jul 24 '05 #1
"Angus Comber" <an***@NOSPAMiteloffice.com> wrote:
> <form target="mycart"

Target Attribute Considered Harmful. It either opens a new window, or
you are playing with frames. Both are _bad_. Don't do target, mm'kay?

> <input type="image" src="https://www.website.com/btn/click-but.gif"

Image Submit Buttons Considered Harmful. They win nothing but esthetics
in the deeziner's eye, and they imply accessibility problems.

> <input type="hidden" name="amount" value="30.00">

Fine. Now I create a copy of your form, edit that element to contain,
say, value="0.00", and order some stuff for free. If your script
detects that, good for you. But then you didn't need that hidden field
in the first place, did you?

> But I would rather make this dynamic. Eg I would have a dropdown
> box where user could select eg 1, 2, 3 etc User and amount would
> then be different value.

And what would be the problem with that, apart from the obvious?
(The obvious part is that it is easier to users to type a number than
to select an item from a dropdown list.)

> I can create the dropdown no problem but how do I make sure the
> dynamically selected values are sent to mycart?


You can't, of course. HTML is no programming language. It's a poor
lonesome data format.

As usual, there will probably be someone who tells you to use
JavaScript. I wish I were a more dishonest person and took advantage of
such situations, ordering 1,000,000 widgets for the price of one simply
by disabling scripting on my browser.

--
Yucca, http://www.cs.tut.fi/~jkorpela/
Pages about Web authoring: http://www.cs.tut.fi/~jkorpela/www.html

Jul 24 '05 #2
Are you saying I need to do this in something like perl?

Angus

"Jukka K. Korpela" <jk******@cs.tut.fi> wrote in message
news:Xn*****************************@193.229.0.31. ..
> "Angus Comber" <an***@NOSPAMiteloffice.com> wrote:
> > <form target="mycart"
>
> Target Attribute Considered Harmful. It either opens a new window, or
> you are playing with frames. Both are _bad_. Don't do target, mm'kay?
>
> > <input type="image" src="https://www.website.com/btn/click-but.gif"
>
> Image Submit Buttons Considered Harmful. They win nothing but esthetics
> in the deeziner's eye, and they imply accessibility problems.
>
> > <input type="hidden" name="amount" value="30.00">
>
> Fine. Now I create a copy of your form, edit that element to contain,
> say, value="0.00", and order some stuff for free. If your script
> detects that, good for you. But then you didn't need that hidden field
> in the first place, did you?
>
> > But I would rather make this dynamic. Eg I would have a dropdown
> > box where user could select eg 1, 2, 3 etc User and amount would
> > then be different value.
>
> And what would be the problem with that, apart from the obvious?
> (The obvious part is that it is easier to users to type a number than
> to select an item from a dropdown list.)
>
> > I can create the dropdown no problem but how do I make sure the
> > dynamically selected values are sent to mycart?
>
> You can't, of course. HTML is no programming language. It's a poor
> lonesome data format.
>
> As usual, there will probably be someone who tells you to use
> JavaScript. I wish I were a more dishonest person and took advantage of
> such situations, ordering 1,000,000 widgets for the price of one simply
> by disabling scripting on my browser.
>
> --
> Yucca, http://www.cs.tut.fi/~jkorpela/
> Pages about Web authoring: http://www.cs.tut.fi/~jkorpela/www.html

Jul 24 '05 #3
Angus Comber wrote:
> Hello
>
> I am working with an external perl script. I can submit something like
> this:
>
> <form target="mycart" action="https://www.website.com/cgi-bin/" method="post">
> <input type="image" src="https://www.website.com/btn/click-but.gif" border="0" name="submit" alt="Make payments with website!">
> <input type="hidden" name="add" value="1">
> <input type="hidden" name="cmd" value="_cart">
> <input type="hidden" name="business" value="on****@mydomain.com">
> <input type="hidden" name="item_name" value="Widget 1 User (GB)">
> <input type="hidden" name="item_number" value="Widget1UK">
> <input type="hidden" name="amount" value="30.00">
> <input type="hidden" name="no_shipping" value="1">
> <input type="hidden" name="currency_code" value="GBP">
> <input type="hidden" name="lc" value="GB">
>
> Then I stick a button on my web page and that is fine.
>
> But I would rather make this dynamic. Eg I would have a dropdown box
> where user could select eg 1, 2, 3 etc User and amount would then be
> different value. Then when I post to the cart I can send the relevant
> amount, item_name, etc.
>
> I can create the dropdown no problem but how do I make sure the
> dynamically selected values are sent to mycart? eg rather than using:
>
> <input type="hidden" name="amount" value="30.00"> - which is static, I
> will have a variable called amount, where I dynamically set the value.

Just remove the hidden 'amount' element and replace it by a <select> with
the same name, e.g.

<select name="amount">
<option value="1.00">One</option>
<option value="10.00" selected="selected">Some</option>
<option value="100.00">Many</option>
</select>

The CGI script does not know and does not care what kind of form
control the amount value comes from.

--
Benjamin Niemann
Email: pink at odahoda dot de
WWW: http://www.odahoda.de/
Jul 24 '05 #4
Jukka K. Korpela wrote:
> "Angus Comber" <an***@NOSPAMiteloffice.com> wrote:
> > <input ... alt="Make payments with website!">

It's PayPal, obviously. ;)

> > <input type="hidden" name="amount" value="30.00">
>
> Fine. Now I create a copy of your form, edit that element to contain,
> say, value="0.00", and order some stuff for free. If your script
> detects that, good for you. But then you didn't need that hidden field
> in the first place, did you?


I take it you're not familiar with the PayPal shopping cart.

This is a downside of using the PayPal cart. PayPal doesn't have any
"product" info except what is sent to it via form fields. PayPal does
have an encrypted form data option, but it doesn't work dynamically.
Thus if PayPal is generating the customer receipts, there aren't many
choices.

On the upside is that the PayPal cart isn't likely to be used for any
kind of high volume business, so it's unlikely a cheater trying to get
something for free would go unnoticed. The seller could just cancel the
transaction. It isn't ideal, but is usable (for the seller).

Now you know. :)

--
Reply email address is a bottomless spam bucket.
Please reply to the group so everyone can share.
Jul 24 '05 #5
Angus Comber wrote:
> I am working with an external perl script. I can submit something like
> this:
>
> <form target="mycart" action="https://www.website.com/cgi-bin/" method="post">
> <input type="image" src="https://www.website.com/btn/click-but.gif" border="0" name="submit" alt="Make payments with website!">
> <input type="hidden" name="add" value="1">
> [...]
>
> But I would rather make this dynamic. Eg I would have a dropdown box where
> user could select eg 1, 2, 3 etc User and amount would then be different
> value. Then when I post to the cart I can send the relevant amount,
> item_name, etc.

Do the dynamic part before arriving at this page. Use server-side
scripting to verify and alter the values accordingly.
As Jukka pointed out, though, your use of hidden fields makes it easy
to send a modified form with all sorts of interesting entries. You'd be
more secure against such an attack using a server-side data store (flat
file, database) to hold the customer state info, and to generate and send
the page to the cart.

--
jmm dash list (at) sohnen-moe (dot) com
(Remove .AXSPAMGN for email)
Jul 24 '05 #6
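
Added example, not part of any post in this thread: a sketch of the server-side approach described in #6, where the price comes from a server-side store and the posted `amount` is never trusted, so the edited `value="0.00"` form from #2 has no effect on the total. The catalogue contents, the `quantity` field name, the quantity limit and the function names are assumptions made for illustration.

```python
from decimal import Decimal
from urllib.parse import parse_qs

# Constructed server-side catalogue: item_number -> (item_name, unit price, currency).
# The Widget1UK row mirrors the form in the thread; Widget3UK is made up.
CATALOGUE = {
    "Widget1UK": ("Widget 1 User (GB)", Decimal("30.00"), "GBP"),
    "Widget3UK": ("Widget 3 User (GB)", Decimal("75.00"), "GBP"),
}
MAX_QUANTITY = 100  # assumed business limit


class OrderRejected(ValueError):
    """The posted form does not describe an order the shop can sell."""


def price_order(post_body: str) -> dict:
    """Build the cart fields from a urlencoded POST body, pricing server-side."""
    fields = {k: v[0] for k, v in parse_qs(post_body, keep_blank_values=True).items()}

    item_number = fields.get("item_number", "")
    if item_number not in CATALOGUE:
        raise OrderRejected(f"unknown item_number: {item_number!r}")

    # 'quantity' is a hypothetical field name for the dropdown's value.
    qty_text = fields.get("quantity", "1")
    if not (qty_text.isascii() and qty_text.isdigit() and len(qty_text) <= 3):
        raise OrderRejected(f"bad quantity: {qty_text!r}")
    quantity = int(qty_text)
    if not 1 <= quantity <= MAX_QUANTITY:
        raise OrderRejected(f"quantity out of range: {quantity}")

    name, unit_price, currency = CATALOGUE[item_number]
    # The client's 'amount' never feeds the price. A textual mismatch with the
    # catalogue price is only reported so tampering attempts can be logged.
    claimed = fields.get("amount")
    return {
        "item_name": name, "item_number": item_number, "quantity": quantity,
        "amount": str(unit_price * quantity), "currency_code": currency,
        "amount_mismatch": claimed is not None and claimed != str(unit_price),
    }


if __name__ == "__main__":
    print(price_order("item_number=Widget1UK&quantity=2&amount=30.00"))
    print(price_order("item_number=Widget1UK&quantity=2&amount=0.00"))
```

As #5 notes, fields that still travel to an external cart through the browser can be edited again on the way, so the total computed here is also what the seller should reconcile the cart's receipt against.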
"Angus Comber" <an***@NOSPAMiteloffice.com> wrote:
> Are you saying I need to do this in something like perl?


Comprehensive quoting is a sure sign of lack of comprehensive reading.
Please read what I wrote, instead of quoting everything. If problems
remain, indicate which part you didn't understand, and ask a specific
well-formulated question.

But yes, that's more or less what I'm saying: you need to understand
how forms work. See http://www.cs.tut.fi/~jkorpela/forms/ for clues.

--
Yucca, http://www.cs.tut.fi/~jkorpela/
Pages about Web authoring: http://www.cs.tut.fi/~jkorpela/www.html

Jul 24 '05 #7
