Posted by "bruce" on 10/01/20 11:27
hi...
forgive me!!!
continuing the thread from yesterday regarding filtering. (and thanks to all
the msgs)
for simplicity. let's deal with a simple user input form, that's going to
place the information in a db.
if the app allows the user to enter the input (call it 'foo') and then
submits the form via a POST, where the data is then written to the db, what
kind of validation should occur? and where should the validation take place?
for my $0.02 worth, there should be validation of the 'foo' var, to
determine if the var is legitimate. there should also be validation/filtering
of the var when it's placed in the db_sql command...
my question (and it's basic), what validation should be performed on the
'foo' var, and why? i've seen htmlspecialchars/magic_quotes/etc.. in various
articles, but i can't find a definitive answer!!
also, when inserting/updating a db item, what is the 'correct' process for
data? should all data that gets inserted into a db be quoted? if it should,
what's the 'standard' practice?
pseudo examples of this stuff would be really helpful!
thanks for clarifying some of these issues...
-bruce
bedouglas@earthlink.net
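The two things the post asks about (validating the 'foo' value, and getting it into the db without hand-quoting it), as an added example that is not part of the original post or any reply. It assumes a PDO connection and a hypothetical table `items` with a `foo` column; the character whitelist is an assumption standing in for whatever the application defines as a legitimate 'foo'.

```php
<?php
// Added example (not from the original post). Assumes a PDO handle $pdo
// and a hypothetical table `items` with a TEXT column `foo`.

// Step 1: validate the value itself. Reject anything that does not match
// what the application defines as a legitimate 'foo' (here, as an
// assumption: 1-64 chars of letters, digits, space, dash, underscore).
// Do this on the server even if the browser also checks, because a POST
// can be sent without the form.
function validateFoo(?string $raw): string
{
    if ($raw === null) {
        throw new InvalidArgumentException('foo is required');
    }
    $foo = trim($raw);
    if (!preg_match('/^[A-Za-z0-9 _-]{1,64}$/', $foo)) {
        throw new InvalidArgumentException('foo has disallowed characters or is too long');
    }
    return $foo;
}

// Step 2: never splice user data into the SQL string. A prepared statement
// sends the value separately from the query, so the driver handles quoting
// and there is no string for the value to break out of. htmlspecialchars()
// and magic_quotes are not the answer here: escaping belongs to the output
// context, not to the input.
function insertFoo(PDO $pdo, string $foo): void
{
    $stmt = $pdo->prepare('INSERT INTO items (foo) VALUES (:foo)');
    $stmt->execute([':foo' => $foo]);
}

// Step 3: escape for HTML only when the stored value is rendered into a page.
function renderFoo(string $foo): string
{
    return htmlspecialchars($foo, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Form handler. The in-memory SQLite DSN is a placeholder for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, foo TEXT NOT NULL)');

try {
    $foo = validateFoo($_POST['foo'] ?? null);
    insertFoo($pdo, $foo);
    echo 'Saved: ' . renderFoo($foo);
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo 'Invalid input: ' . renderFoo($e->getMessage());
}
```

Validation answers "is this a legitimate foo?", the prepared statement answers "how does it get into the db safely?", and output escaping is a separate step done at render time; none of the three substitutes for another.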