[nycphp-talk] <a href> vs. <form> request

max goldberg max at
Thu Apr 17 14:39:49 EDT 2003

If I recall correctly, you would need to return false so it doesn't
actually continue with the current operation. For instance if you did it
in an onSubmit, returning false would keep the form from submitting
(this is quite useful for form validation).

Just keep in mind that this is all just allusion. If someone really
wants to use a form to do this, they could pull it off with some simple
scripts and a small amount of time. If the security of this application
isn't really mission critical this solution should suffice though.


Jerry Kapron wrote:

> Max,
> This is exactly what I came up with while eating my oatmeal this morning :)
> However one thing still concerns me:
> <form onSubmit="return linkCreate();">
> or
> <form ...>
> <input type="button" onClick="return linkCreate();">
> BTW, what's the difference between ="return linkCreate()" and
> ="linkCreate()"  ?
> Thanks,
> Jerry
>>This is a fairly vague problem, so I'll give my suggestion to what I
>>think you are trying to do.
>>On each non-local website do something similar to this:
>><script type="text/javascript"
>><a href="#" onClickonClick="return linkCreate();">Click Me</a>
>>(where is your server)
>>On your server you would have link_creator.js be a PHP script that
>>creates dynamic Javascript. This allows you to grab information such as
>>the referrer, and the remote IP address, and any other information you
>>could need. You could even make the JavaScript source append a get
>>variable for that site like link_creator.js?
>>The PHP would create a one time use hash, depending on if
>>all of your security requirements have been met which then is inserted
>>into the temporary table along with the remote IP, referrer etc.
>>The dynamic JavaScript would then include a function (linkCreate) which
>>just changes the browser's location to the link you have created.
>>This would cause some heavy traffic load, especially if all of the
>>remote sites get a lot of traffic. This would allow you to make
>>one-time-use hashes that would be required for a successful page load on
>>your server.  Once the unique hash has been found in the query string,
>>you just expire it on the database.
>>Not sure if that would help, but it may be relevant.
> --- Unsubscribe at ---

More information about the talk mailing list