[Phpmyadmin-devel] Passing POST variables

Ninad Pundalik ninadsp16289 at gmail.com
Wed Mar 24 23:32:03 CET 2010


On 25 March 2010 03:32, Michal Čihař <michal at cihar.com> wrote:
> The correct way is to include token in your request. It is there for
> protecting against XSS.
I saw that the code tries to prevent that.  Hence, I added my extra
parameter to the same form that submits the current sql query and the
position to sql.php.  Once the form's submit button is clicked, I
prevent the execution of the request by the browser, and instead use
jQuery to make the request.

Anyways, I was looking at the wrong part of the output, but the
parameter is being passed and it is still available in $_POST at the
point of execution where I require it to be (after effects of spending
an entire night trying to understand code and then writing some more
:) ).  I'm going to now try to modify the output of sql.php based on
this parameter, and see if I can make it print just the table.  Is
there any parameter available that can be used to stop the inclusion
of the libraries/http_header.inc.php and footer.inc.php?

Thanx for making me look harder at the output and code. :)

Ninad S. Pundalik
GPG Key Fingerprint: 2DF7 B856 C75E C9F9 0504 C0EF D456 1946 7C45 2C69

More information about the Developers mailing list