Ok, sorry.<BR><BR>After a search a list is displayed with the records found. That's just a simple search. I want to be able to search through the records wich were found in the first search.<BR><BR>Is it a bit clearer now?<BR><BR>/Sander
A quick solution would be to create a hidden field in the form that submits the second search. This hidden field contains the original SQL query that you used in the first search. Something like:<BR> <input type='hidden' value='YOURSQL'><BR>Once the form is submitted you add the new criteria from the second search to this first search.<BR><BR>Hope this helps,<BR>Jacques.
...for getting your site nuked.<BR><BR><input type="hidden" name="SQLQuery" value="SELECT * FROM x"><BR><BR>Save the HTML to disk. Modify the form action to go to a complete URL. Modify the hidden field to read:<BR><input type="hidden" name="SQLQuery" value="DELETE FROM x"><BR><BR>Submit the page.<BR><BR>Voila. No information in your table.<BR><BR>This is possibly the WORST way of doing it.<BR><BR>Craig.
on him ; )<BR><BR>Though I agree with you that this way could cause some headaches, if he had to do it this way there are some things he could do to protect himself.<BR><BR>One is to modify the db permissions to SELECT only for the tables selecting from in this way. Another thing he could do is parse the form field for those dangerous SQL keywords (i.e. - DELETE, EXECUTE, etc.) before even trying to execute, even if the db id doesn't necessarily have permissions to do those actions. <BR><BR>Obviously there are other things he can do to protect himself, however you get the idea.<BR><BR>Pete<BR>