[thelist] ASP posting form data

Darren Darren at web-bitch.co.uk
Tue Aug 14 09:27:12 CDT 2001


On 14 August 2001 at 15:20:36, David at softv.net <David at softv.net> wrote:

Dsn> Why use a session variable? Just tack the xml string on to the
Dsn> redirect as a querystring

Dsn> Response.Redirect("otherpage.asp?xmlstring=blah")

...and...

On 14 August 2001 at 15:18:04, Tab Alleman <Tab.Alleman at RealMetros.com> wrote:

TA> Would this be preferable to putting it into a hidden form variable and
TA> posting it to the new page for some reason?


unfortunately the first script needs to do its thing on the form data to
generate the xml-based string.

we don't really want to pass it through the querystring as the data could
be quite sensitive and let malicious users get access to data they
shouldn't be seeing.  this will largely be taken care of through the
processing of the results, but there's no point in leaving them something
to play with.

hth,

darren.





More information about the thelist mailing list