Parent Topic | Previous Topic | Next Topic
Catalog

4.8. Form data updates

Added Scratch variable mv_data_enable to gate the update_data function. You must set it before doing a form update. Prior to this it was possible to update a SQL database willy-nilly.

A quick fix like this will allow the update on a single page:

    [set update_database]
    [set mv_data_enable]1[/set]
    [/set]
    <INPUT TYPE=hidden NAME=mv_click VALUE=update_database>

It will ensure at least that the user loads one form from you for each update. For best security, gate with a userdb entry like this:

    [set update_database]
    [if type=data term="userdb::trusted::[data session username]"]
        [set mv_data_enable]1[/set]
    [else]
        [set mv_data_enable]0[/set]
    [/else]
    [/if]
    [/set]

Parent Topic | Previous Topic | Next Topic
Catalog