Hi,
On 25 March 2010 03:32, Michal Čihař michal@cihar.com wrote:
> The correct way is to include the token in your request. It is there for protecting against XSS.
I saw that the code tries to prevent that. Hence, I added my extra parameter to the same form that submits the current sql query and the position to sql.php. Once the form's submit button is clicked, I prevent the execution of the request by the browser, and instead use jQuery to make the request.
Anyway, I was looking at the wrong part of the output, but the parameter is being passed and it is still available in $_POST at the point of execution where I require it to be (after effects of spending an entire night trying to understand code and then writing some more :) ). I'm going to now try to modify the output of sql.php based on this parameter, and see if I can make it print just the table. Is there any parameter available that can be used to stop the inclusion of the libraries/http_header.inc.php and footer.inc.php?
Thanks for making me look harder at the output and code. :)
Ninad S. Pundalik
http://twitter.com/ni_nad
http://ninadpundalik.co.cc/blog
GPG Key Fingerprint: 2DF7 B856 C75E C9F9 0504 C0EF D456 1946 7C45 2C69