Oracle Application Express 3.2 - The Essentials and More

Overview of this book

Developing data-centric web applications can be a real challenge as it is a multi-disciplinary process. There are many technologies involved in the client side (HTML, CSS, JavaScript, and so on); the interaction with the database, on the server side; the typeless nature of the web environment; and above all, the need to put it all together. This needs to be done in a manner that will allow the end users to do their job in the simplest and most efficient way, while enriching their user experience. How often have you wished that developing such applications could be uncomplicated and straightforward? This book will show you that it's possible, and teaches you how to do it, using Oracle Application Express (APEX).

With this practical guide to APEX, you'll learn how to easily develop data-centric web applications for the Oracle environment. The book covers the development cycle of an APEX application, reviewing the major APEX principles and building blocks chapter by chapter. It starts with the basic skills you need to get going when developing with APEX. Later, you will learn advanced issues, such as how to build tailor-made forms and reports, using APEX APIs, AJAX, and so on.

It not only deals with the "How" but also with the "Why", and before long you will be able to understand APEX concepts, and use them to expand and enhance the built-in features, wizards, and tools.

The book starts with the design phase, including building the necessary database objects infrastructure; continues with ways to implement the application logic (on the server side) and the User Interface (on the client side), whilst showing you how to enhance your applications' features and functionality according to your specific needs; and it ends with application deployment.

The book emphasizes and clearly documents areas such as Globalization, Localization, and developing multi-lingual applications, and includes a special discussion about Right-To-Left (RTL) support for APEX applications, documented here for the first time.

Throughout the book, there are many screenshots and snippets of code, taken from working APEX applications. The book is accompanied by demo APEX applications that you can download and install in your APEX environment, thoroughly analyze, and learn from as you read the book.

Session state protection


Earlier in this book we looked at how buttons and branches can populate page items and application items via the APEX URL. We often use this technique to pass unique identifiers or other items in the URL to customize the page we are calling. An example of this is when we have a search page that calls an update page; we want the update page to display the record selected in the search page. As these items are passed in the URL, it could be possible for a user to tamper with the URL and add, remove, or modify items and their values.

To demonstrate URL tampering, let's assume we have an edit employee screen that accepts an employee number parameter to determine which employee record to edit. The following URL will display employee number 222:

http://myserver:8080/apex/f?p=101:10:12345::::EMPNO:222

Let's now modify the employee number parameter in the URL to display employee number 999:

http://myserver:8080/apex/f?p=101:10:12345::::EMPNO:999

As we can see, we have...
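The following Python sketch is an added example, not code from the book. It parses the two URLs shown above and reports which items were added, removed, or modified between the link the application generated and the URL that came back, which is the comparison a reviewer would make when reading access logs. The field order is the standard APEX f?p layout from the APEX documentation rather than from this page, and the function and constant names are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

# Positional, colon-separated fields of the f?p argument (standard APEX layout).
FIELDS = ("app", "page", "session", "request", "debug",
          "clear_cache", "item_names", "item_values", "printer_friendly")

# The two URLs from the text above.
ISSUED = "http://myserver:8080/apex/f?p=101:10:12345::::EMPNO:222"
REQUESTED = "http://myserver:8080/apex/f?p=101:10:12345::::EMPNO:999"


def parse_fp(url):
    """Split an APEX f?p URL into its positional fields plus an item dict.

    Assumes item values contain no commas or colons.
    """
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if "p" not in query:
        raise ValueError("not an APEX f?p URL")
    parts = query["p"][0].split(":")
    parts += [""] * (len(FIELDS) - len(parts))    # trailing fields may be omitted
    fields = dict(zip(FIELDS, parts))
    names = [n for n in fields["item_names"].split(",") if n]
    values = fields["item_values"].split(",")
    values += [""] * (len(names) - len(values))   # name without value -> ""
    fields["items"] = dict(zip(names, values))
    return fields


def diff_items(issued_url, requested_url):
    """Report items added, removed, or modified relative to the issued link."""
    issued = parse_fp(issued_url)["items"]
    requested = parse_fp(requested_url)["items"]
    return {
        "added": sorted(set(requested) - set(issued)),
        "removed": sorted(set(issued) - set(requested)),
        "modified": {name: (issued[name], requested[name])
                     for name in issued.keys() & requested.keys()
                     if issued[name] != requested[name]},
    }


if __name__ == "__main__":
    print(diff_items(ISSUED, REQUESTED))
```
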