[Phpmyadmin-devel] Passing POST variables
Ninad Pundalik
ninadsp16289 at gmail.com
Wed Mar 24 23:32:03 CET 2010
Hi,
On 25 March 2010 03:32, Michal Čihař <michal at cihar.com> wrote:
> The correct way is to include token in your request. It is there for
> protecting against XSS.
>
I saw that the code tries to prevent that. Hence, I added my extra
parameter to the same form that submits the current sql query and the
position to sql.php. Once the form's submit button is clicked, I
prevent the execution of the request by the browser, and instead use
jQuery to make the request.
Anyways, I was looking at the wrong part of the output, but the
parameter is being passed and it is still available in $_POST at the
point of execution where I require it to be (after effects of spending
an entire night trying to understand code and then writing some more
:) ). I'm going to now try to modify the output of sql.php based on
this parameter, and see if I can make it print just the table. Is
there any parameter available that can be used to stop the inclusion
of the libraries/http_header.inc.php and footer.inc.php?
Thanx for making me look harder at the output and code. :)
Ninad S. Pundalik
http://twitter.com/ni_nad
http://ninadpundalik.co.cc/blog
GPG Key Fingerprint: 2DF7 B856 C75E C9F9 0504 C0EF D456 1946 7C45 2C69
More information about the Developers
mailing list