Date:  01/16/2013 02:58:16 PM Msg ID:  004563
From:  FoxWeb Support Thread:  004562
Subject:  Re: Alternatives to the QueryString
You cannot use Server.Transfer for your stated purpose, because it runs on the server. You need to find a way to pass the correct part number from the browser to the server.
 
If your only concern is that you don't show the part number in the query string, preventing casual manipulation by users, then you should consider sending the data with a POST rather than a GET request. If you don't mind having your links look like buttons, then the simplest (but not necessarily best) way is to use a form:
 
 
<form action="cont_show.fwx" method="post">
<input type="submit" name="parte_num" value="154"><br />
<input type="submit" name="parte_num" value="155"><br />
<input type="submit" name="parte_num" value="156"><br />
<input type="submit" name="parte_num" value="157"><br />
</form>
 
On the server you will be able to retrieve the value of parte_num using Request.Form("parte_num"). 
 
If you need to have regular hyperlinks instead of buttons, then you will need to use JavaScript code in the Click event of each hyperlink to set the value of a hidden form field and submit the form.
 
By the way, even though the use of post data prevents casual URL manipulation, it's still really easy to manually modify post data if you know what you are doing. I would definitely not use this as a security measure.

FoxWeb Support Team
support@foxweb.com
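
Added example (not part of the original reply and not FoxWeb's own code): the hyperlink variant described above, where a click handler fills a hidden `parte_num` field and posts it to `cont_show.fwx`. The `parte-link` class and `data-parte-num` attribute are assumed markup; the value is still under the user's control, so the server-side script has to decide whether the requester may see that Work Order.

```javascript
// Assumed markup, generated once per table row (not from the original post):
//   <a href="#" class="parte-link" data-parte-num="157">157</a>

// Build a throwaway form with one hidden field and submit it by POST.
function postParteNum(doc, parteNum) {
  const value = String(parteNum).trim();   // STR(...,10) pads with spaces
  if (!/^\d+$/.test(value)) {
    throw new Error("parte_num must be numeric: " + value);
  }
  const form = doc.createElement("form");
  form.method = "post";
  form.action = "cont_show.fwx";
  const field = doc.createElement("input");
  field.type = "hidden";
  field.name = "parte_num";                // read with Request.Form("parte_num")
  field.value = value;
  form.appendChild(field);
  doc.body.appendChild(form);
  form.submit();
  return form;
}

// Register the handler on every link; nothing is sent until a click occurs.
function attachParteLinks(doc) {
  const links = doc.querySelectorAll("a.parte-link");
  links.forEach(function (link) {
    link.addEventListener("click", function (event) {
      event.preventDefault();              // stop normal navigation to href
      postParteNum(doc, link.getAttribute("data-parte-num"));
    });
  });
  return links.length;
}

// In the browser, wire the links up once the table has been rendered.
if (typeof document !== "undefined") {
  document.addEventListener("DOMContentLoaded", function () {
    attachParteLinks(document);
  });
}
```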
Sent by Carlos Fuertes on 01/16/2013 08:12:59 AM:
Hi all,

I'm using in my search script the method of passing the parameter in the Query String this way:

<small><a href="cont_show.fwx?Partenum=<%=STR(crP.parte_num,10)%>"><%=STR(crP.Parte_num,10)%></a></small>

This shows a table with hyperlinked numbers created from the field Parte_num.
When I click the Hyperlink, it goes to the cont_show.fwx script passing the Parte_num value in the query string as expected.

The URL shown by the browser is like this:

http://localhost/manteweb/cont_show.fwx?Partenum=       157

The point is that anyone in the browser can now change the number 157 and access another Work Order, and I don't want this to be possible, for safety reasons.

My script is also prepared to receive the Parte_num as a parameter, avoiding it being shown in the URL window of the browser, but I don't know exactly how I could send the Server.Transfer("cont_show.fwx",Parte_num).

I have tried creating a button (HTML or JavaScript) but I must be doing something wrong, because the button doesn't wait for me to click on it. It directly shows the page with the Order data in the cell of the table where the button should be shown.

Any help would be appreciated.

TIA