Jump to content

Thanks for all the great help...here's the results.


ibiubu
 Share

This topic is 7142 days old. Please don't post here. Open a new topic instead.

Recommended Posts

Lots and lots of GREAT help on the forum. Was able to get my database up and running on the web in just over a week...from scratch...thanks to all the great advice here.

[ March 30, 2002, 11:53 AM: Message edited by: Larry Ross ]

Link to comment
Share on other sites

Looks nice.

Before you open the champagne look into your login.

Letter "g" works, "j" also -- I do not now, but is that what you are looking for?

Also anybody can display everything from your database with http://63.226.xxx.xxx/FMPro?-db=Products&-format=-raw&-findall

We have security filter for PC and if you are on Mac search security discussions -- someone recommend solution for this security hole.

Link to comment
Share on other sites

Larry, Anatoli is right about the security issue. He is also right about "guest" entry. I tried the letters a thru h (you can test the rest. Here's what I found:

generated by entering a single letter, a, d, e, f, h

"No records found. Possible reasons for this are:..."

generated by entering a single letter, b: Job List/Salt City Candle

generated by entering a single letter, c: Job List/Curecrete

generated by entering a single letter, g: Job List/Rubicon Medical

FYI, my monitor is set at 832 x 624. In NN your smallest font size looks to be about 8; way small for my old eyes.

HTH

Link to comment
Share on other sites

Thanks for the tips. The password thing...not sure about that one yet...got me stumped. For example if the search criteria is to match EXACTLY the data in a field, then why does typing in b still find blake? Here is a section of the CDML for when a name is entered and the submit button is hit to perform the find...can anything here be changed to force an exact match, not just the first letter?

<input type="hidden" name="-db" value="Products.FP5"> <input type="hidden" name="-lay" value="CGI"><input type="hidden" name="-format" value="summary.htm"><input type="hidden" name="exact" value="10"><span class="text">User Name:</span><input class="text" type="text" name="User" value="" size=15> <input class="text" type="submit" name="-find" value="Submit">

The security hole...thanks for letting me know it exists. I will have to look thru the discusions to see what solutions people have come up with.

LR

[ March 30, 2002, 12:46 PM: Message edited by: Larry Ross ]

Link to comment
Share on other sites

My standard response to the exact find:

Remember that you are trying to get your format file to talk with your db file.

USE THIS RESOURCE OFTEN.

http://www.filemaker.com/support/index.html

________________________________________________________

Search and read: Article Number: 104829, and Article Number: 105687

________________________________________________________

Understanding the use of the symbols of an exact search in a cdml solution will enable you to understand how to use in your cdml solutions all the symbols available in the FMPro db find operation (see db status bar).

See also these useful threads in the cdml forum for examples and other approaches/ideas:

Link to comment
Share on other sites

OK, I did what the tech notes suggested...

<input class="text" type="text" name="User" value="==" size=15> <input class="text" type="submit" name="-find" value="Submit"><input type="hidden" name="-find" value="Submit">

Notice the code for value="=="

now of course this performs an exact find...but in my text field where the user types in the text to search by == is already in that field. A little confusing for the user. Can == exist but not show up as a visible text string in the box. Most users would not know to leave it there and would just type over it to perform their find.

LR

Link to comment
Share on other sites

I cannot test that -- you removed the URL.

In any case, visible "==" can be edited frown.gif

Use Hidden field with "==".

Better still you can use Name and password and calculate them into one field and compare that with their record.

Or set that field in Security Database as exact -- it has to be exact through solution but you will increase overall security.

Link to comment
Share on other sites

Actually got it to work. Here was the CDML

<form action="FMPro" method="POST">

<input type="hidden" name="-db" value="Products.FP5"><input type="hidden" name="-lay" value="CGI"><input type="hidden" name="-error" value="errors.htm"><span class="class"><span class="text">User Name: </span></span><span class="text"><input type="hidden" name="-op" value="equals" border="0"><input type="text" name="User" value="" size=17> <input type="submit" name="-find" value="Submit"><input type="hidden" name="-find" value="Submit"></span><input type="hidden" name="-format" value="Summary.htm"><input type="hidden" name="-max" value="10">

Geez...a bit lengthy, but it did the job. Now only exact searches yeild results. Some of the CDML is also to allow hitting the return or enter keys instead of hitting the submit button.

For example, now if you type "g" it goes to the error page. You have to type the exact match of "guest:

PS. Web Security Database...what is the basic concept here. In my FileMaker Prefs it is greyed out.

LR

Link to comment
Share on other sites

You have to start the WebSecurity databases and then you can set them in preferences.

The concept is powerful and great. The problem is, that other security holes are there.

I suggest to use that at full and pretend like the holes didn't exist. You will sort them out or FM will maybe do something about them.

In any case everyone should use WebSecurity at full potential.

Link to comment
Share on other sites

Larry's code

<form action="FMPro" method="POST">

<input type="hidden" name="-db" value="Products.FP5">

<input type="hidden" name="-lay" value="CGI">

<input type="hidden" name="-error" value="errors.htm">

<span class="class"><span class="text">User Name: </span></span><span class="text">

<input type="hidden" name="-op" value="equals" border="0">

<input type="text" name="User" value="" size=17>

<input type="submit" name="-find" value="Submit">

<input type="hidden" name="-find" value="Submit"></span>

<input type="hidden" name="-format" value="Summary.htm">

<input type="hidden" name="-max" value="10">

Larry, I never use the -op or -lop in either a Form or Link action. I would have made a very slight change so the code would read:

<form action="FMPro" method="POST">

<input type="hidden" name="-db" value="Products.FP5">

<input type="hidden" name="-lay" value="CGI">

<input type="hidden" name="-error" value="errors.htm">

<span class="class"><span class="text">User Name: </span></span><span class="text">

<input type="hidden" name="User" value="==" border="0">

<input type="text" name="User" value="" size=17>

<input type="submit" name="-find" value="Submit">

<input type="hidden" name="-find" value="Submit"></span>

<input type="hidden" name="-format" value="Summary.htm">

<input type="hidden" name="-max" value="10">

Link to comment
Share on other sites

This topic is 7142 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.