WebApp Sec mailing list archives
Re: When GET = POST?
From: "Kevin Spett" <kspett () spidynamics com>
Date: Mon, 11 Nov 2002 11:41:05 -0500
Here's an example from MSDN that shows how's it's supposed to be implemented in ASP. As you can see, the developer is expected to use the REQUESTTYPE variable. Many languages work in a similar way. It's unsuprising that many developers don't. http://support.microsoft.com/default.aspx?scid=KB;en-us;q165671 <HTML> <% '%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% '% File: ADOselect.asp '% Author: Aaron L. Barth (MS) '% Purpose: For testing ADO connectivity to any ODBC Datasource '% Disclaimer: This code is to be used for sample purposes only '% Microsoft does not guarantee its functionality '%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% if Request("REQUESTTYPE") <> "POST" then ' %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% ' % If the request does not contain REQUESTTYPE = "POST ' % then display Form Page ' %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% dsn = Session("dsn") dbuser = Session("dbuser") dbpass = Session("dbpass") ...etc... Kevin Spett SPI Labs http://www.spidynamics.com
Current thread:
- When GET = POST? Chris Thomas (Nov 08)
- Re: When GET = POST? Alonso Robles (Nov 09)
- Re: When GET = POST? Jonas Anden (Nov 10)
- Re: When GET = POST? Vincent Janelle (Nov 10)
- Re: When GET = POST? Jonas Anden (Nov 10)
- Re: When GET = POST? David Bullock (Nov 09)
- RE: When GET = POST? Tony Welsh (Nov 09)
- Re: When GET = POST? Adrian Wiesmann (Nov 10)
- Re: When GET = POST? Kevin Spett (Nov 11)
- Re: When GET = POST? Jason Childers (Nov 11)
- Re: When GET = POST? Charles Miller (Nov 11)
- Re: When GET = POST? Jeff Dafoe (Nov 11)
- Re: When GET = POST? Jason Healy (Nov 11)
- Re: When GET = POST? Kevin Spett (Nov 12)
- Re: When GET = POST? Daniel Hedrick (Nov 12)
- Re: When GET = POST? Jeff Dafoe (Nov 11)
- <Possible follow-ups>
- Re: When GET = POST? Steven M. Christey (Nov 11)
- RE: When GET = POST? Glyn Geoghegan (Nov 14)
- RE: When GET = POST? Glyn Geoghegan (Nov 14)
- Re: When GET = POST? Alonso Robles (Nov 09)