2017-06-01

posted Jun 1, 2017, 6:49 AM by Samuel Konstantinovich   [ updated Jun 2, 2017, 8:19 AM ]
Goal:  Hidden form data, sanitized input.

Requirements and Deadlines:

1. Make an HTML file readme.html (link to the main site from here)
You MUST describe the working parts of your program, and how to use it here.
This will be updated as you get more things working.

2. BOTH members of the group must have ALL files in their home directories. 

3. All files must be in four subdirectories of
 ~/public_html/finalproject/

4. OPTIONALLY, you can share data files like images by making a folder outside of the 3 versions:
~/public_html/finalproject/data/

 
June 5/9/12.

This should be your current 'being worked on' version of the website:
~/public_html/finalproject/current
 (you can still have a data directory inside of current)

By Monday MORNING, June 5th, save a copy here:  (and check that it works as expected without errors)
~/public_html/finalproject/version1

By Friday MORNING, June 9th, save a copy here:  (and check that it works as expected without errors)
~/public_html/finalproject/version2

By Monday MORNING, June 12th, save a copy here:  (and check that it works as expected without errors)
~/public_html/finalproject/version3
Version 3 is the final version.


1. Passing old form info through the next form (to stay logged in when you submit a form)
You can use a hidden input in any form to send info such as the MagicNumber, email address or other data:
<input type="hidden" value="foo" name="user_id" />
In your Python program, print it like:
print '<input type="hidden" name="MagicNumber" value="'+variable_in_your_program+'"/>'

2. Clean up user input text! You do not want a user to input HTML accidentally or on purpose:

import cgi
# text a user might type into a form field
input = "</td></tr></table>"
# replace <, > and & with their HTML entities
output = cgi.escape(input)
print output

Result: (HTML values for the tag symbols)
&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;

What could happen if you did not use the cgi.escape() command on the input?
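
An added example, not part of the original assignment, written for Python 3, where html.escape replaces cgi.escape (removed in Python 3.8). It escapes both displayed user text and hidden-field values (including quotes, which cgi.escape leaves alone unless its second argument is True), and re-checks the MagicNumber on the server because hidden fields can be edited in the browser. The ISSUED dictionary, the function names and the sample values are assumptions made for the illustration.

```python
import hmac
import html

# Constructed sample data: magic numbers the server issued at login (assumed storage).
ISSUED = {"alice@example.com": "8675309"}


def hidden_field(name, value):
    """Build a hidden <input>. quote=True also escapes " and ' so the
    value cannot end the attribute early."""
    return '<input type="hidden" name="%s" value="%s"/>' % (
        html.escape(str(name), quote=True),
        html.escape(str(value), quote=True),
    )


def table_cell(user_text):
    """Show user text inside a table cell as plain text, never as markup."""
    return "<td>%s</td>" % html.escape(user_text)


def still_logged_in(form):
    """Hidden fields come back from the browser and can be edited there,
    so compare what was submitted with what the server issued."""
    expected = ISSUED.get(form.get("email", ""))
    submitted = form.get("MagicNumber", "")
    if expected is None:
        return False
    # Compare as bytes so non-ASCII input cannot raise an error.
    return hmac.compare_digest(submitted.encode(), expected.encode())


if __name__ == "__main__":
    # The assignment's own input: the tags are shown, the table is not closed.
    print(table_cell("</td></tr></table>"))
    # A value containing a quote stays inside the value attribute.
    print(hidden_field("email", 'a"><b>x'))
    # An unchanged hidden field passes, an edited one does not.
    print(still_logged_in({"email": "alice@example.com", "MagicNumber": "8675309"}))
    print(still_logged_in({"email": "alice@example.com", "MagicNumber": "1"}))
```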


