Really Basic Find Question

dschaal · May 7, 2003

This may be a really stupid question.....

I was testing my solution. I got to the "search" page where I have a blank that they are suppose to input a "password".

I accidentally clicked on the Find button without putting in a password and it retrieved absolutely everything in the DB.

I was really shocked! So, it goes and gets everything regardless of whether or not something is in the password field?:?:

Am I just missing something in my code to prevent this? The search is supposed to only retrieve the agency's record for FY2003 and the one that matches the password. The part of the code that's relevant is below:

[color:"blue"]<form name="myform" action="FMPro" method="post" onsubmit="subForm(); return false;">

</form>

Please help! Thanks! Donna

Garry Claridge · May 7, 2003

Try this:

<input TYPE="hidden" NAME="-op" VALUE="eq">

<input TYPE="password" NAME="agencypassword" VALUE="" SIZE=10>

You can also use some Javascript to validate userID and password patterns.

Good Luck.

Garry

dschaal · May 8, 2003

Hi Garry!

I tried your suggestion but it didn't stop it from retrieving everything if the field is left blank.

You gave me some javascript for this same page a while back to prevent asterisks being used in this field. Here is the entire code of this page. Any suggestions?

<HTML>

<HEAD>

<TITLE>Search for Your Agency</TITLE>

function subForm ()

{

if ((document.myform.agencypassword.value) .indexOf ("*") != -1 )

{ alert ("Asterisks * are not allowed in the Password!!!"); }

else

{ document.myform.submit() ; };

}

</script>

</HEAD>

<TR>

<TD WIDTH="50%" ALIGN="middle"><B><H2>Search for Your Agency Record</B></H2></TD>

</TR>

</TABLE>

Enter the password that was given to you and click the Find Button.<BR>

<BR>

<B>Password:</B>

</FORM>

</BODY>

</HTML>

Thanks in advance for your help once again! Donna

Unable · May 8, 2003

Donna posted that she was using:

Garry responded, try using:

Using Donna's code, one is performing a "field contents match". It is the same as using the Symbols button of the db. When a client enters a password (e.g."tree moss"), what gets entered into the field, and that upon which the search is performed is "==tree moss".

Using Garry's code, one is performing an "exact match". It is the same as using the Symbols button of the db. When a client enters a password (e.g. "tree"), what gets entered into the field, and that upon which the search is performed is "=tree".

These are subtle differences which can give widely differeng results.

What actually gets entered into the field can be seen by performing a "Modify Last Find" in the database after performing the Form Action through the browser. If the -find action is not working as expected (e.g. returning results when data is not entered), it is advisable to perform a "Modify Last Find" in the database to see what is being entered (or not being entered) into the field.

Anatoli · May 8, 2003

My idea for increased security was calculated field with User+Password.

It need both to be fully specified and '*' are avoided.

In Login file that calc field is compared to the same calc in user file via relation.

Unable · May 8, 2003

"it is advisable to perform a "Modify Last Find" in the database to see what is being entered" I should have followed my own good advice. Since I didn't I must clarify what I said, for I have stated something incorrectly.

Donna's code:

will not work. The symbols do not get entered with the NAME="-op" attribute, only the letter designations ("eq", "bw", "ew" and "cn") work with that attribute designation.

However, Donna's code (above) and Garry's code:

can also be written (Donna's):

or (Garry's):

respectively. This approach of assigning a fieldname to the NAME attribute allows browser access to all the symbols normally used in (found in the status bar of) a database search.

Then, using basic HTML, one could construct a drop down list giving the client a wide choice of symbols such as:

<OPTION VALUE="=" SELECTED>equals (exact match)

<OPTION VALUE="<">less than

<OPTION VALUE="<=">less than or equal

<OPTION VALUE=">=">greater than or equal

<OPTION VALUE="<">less than

<OPTION VALUE="<=">less than or equals

<OPTION VALUE="==">field content match

<OPTION VALUE="">begins with

</SELECT>

Note that the use of symbols as a direct entry into a fieldname allows for the use of "" in lieu of "bw" for "Begins With", but precludes the use of the symbols (asterisks) which equate "ew" (search string being *data) and "cn" (search string being *data*). These two tags (ew, cn) MUST be used with the -op tag and cannot be substituted with symbols.

This leads to a clarafication to what I previously posted. In that example I said that what is entered (seen in Modify Last Find) could be "==tree moss" or "=tree". This depends upon whether the NAME attribute is the -op tag or a fieldname tag. Using the -op tag with "<OPTION VALUE="eq">equals" will enter a string such as "=tree" in the search field. Using the fieldname tag with "<OPTION VALUE="="> (instead of "eq") will enter a string such as "= tree" in the search field.

It is because of this space in the NAME="fieldname" attribute that using "<OPTION VALUE="*">ends with" is ineffective. When used with the NAME="fieldname" attribute the search string could read "* s", which gives quite different results than the NAME="-op" with "<OPTION VALUE="ew">ends with", which search string could read "*s" (no space).

Garry Claridge · May 9, 2003

Donna,

Here is the revised Javascript:

function subForm ()

      {

      submitOK = "true";

      if ((document.myform.agencypassword.value) .indexOf ("*") != -1 )

           {

            alert ("Asterisks * are not allowed in the Password!!!");

            submitOK = "false";

            };

      if (document.myform.agencypassword.value == "")

           { 

           alert ("Password must have an entry!!!");

           submitOK = "false";

            };

      if (submitOK == "true") document.myform.submit();

  }

</script>

All the best.

Garry

Unable · May 9, 2003

Garry, I haven't asked for your help with JS. Yet you've inspired me and I've been struggling through the Rhino book. (Crikies, its all character development and no plot!) What you have just posted is starting to make sense. So THANKS.

dschaal · May 9, 2003

Garry you are truly "the man".......

Thank you! Thank you!

I am trying to learn JavaScript and I had tried several versions....but none worked.

Yours worked -- first time! Donna

Anatoli · May 10, 2003

What if JavaScript is off? Then you will compromise login again

All JavaScript is excellent to block empty or invalid submits and decreasing unnecessary traffic.

Garry Claridge · May 10, 2003

Re: What if JavaScript is off

The Form will not be submitted! Because of this:

All the best.

Garry

Anatoli · May 10, 2003

I guess you are wrong.

If JS is off, you cannot return false.

Then standard HTML and HTTP protocols will work and submit.

Garry Claridge · May 11, 2003

In IE and Safari, if JS is off and an <input> tag has focus, this is true. However, here is a way to prevent the Form from being accepted by FM.

Remove these lines from the Form:

<INPUT TYPE="submit" NAME="-Find" VALUE="FIND AGENCY"

Add this line immediately after the <form> tags; e.g.:

Amend your Javascript to include this line, before the submit():

document.myform.elements[0].name = "-find";

document.myform.submit();

This will protect against "Javascript Off" problems.

All the best.

Garry

Garry Claridge · May 11, 2003

Whoops, I forgot to show you how to do a Submit.

<a href="#" onClick="subForms()">Find Agency</a>

All the best.

Garry

Sign In

Really Basic Find Question

Recommended Posts

dschaal

Garry Claridge

dschaal

Unable

Anatoli

Unable

Garry Claridge

Unable

dschaal

Anatoli

Garry Claridge

Anatoli

Garry Claridge

Garry Claridge

Create an account or sign in to comment

Create an account

Sign in

Browse

Site Support

Forums

Blogs

Marketplace

Activity

Important Information