RE: [PHP] basic user/input form questions... more validation!

Posted by "bruce" on 09/25/05 02:43

chris...

i would agree, and didn't think it made sense... but i don't know what you
mean by the phrase 'escape all output'!! i don't see the need to escape all
output from the mysql db/tbl... so i'm not sure you meant this.

for my $0.02, i'd quote/escape all 'string/date' vars that would be
inserted/used within the mysql db. i'd simply go ahead and insert numeric
data with no quotes. i'd thoroughly verify/validate, using regex or other
methods, all data before using it in the sql commands.

as far as getting data from the mysql db/tbl, i'd simply use the sql
command/query. i'd extract the resulting data, and use the data in vars that
i've defined to be of the specific data type.

this allows me to fairly consistently know what data types i'm using, and how
to then present the data to the user if i have to, as well as how to use the
vars/data in other parts of the given application.

-bruce


-----Original Message-----
From: Chris Shiflett [mailto:shiflett@php.net]
Sent: Friday, September 23, 2005 9:22 PM
To: bedouglas@earthlink.net
Cc: php-general@lists.php.net
Subject: Re: [PHP] basic user/input form questions... more validation!


bruce wrote:
> my question was directed towards trying to understand if you were
> meaning that an app should escape all output from the mysql db?

If you think about that for a moment, I think you'll see that it doesn't
make a lot of sense. Data that you get from a remote source is input,
not output. Data that you send to a remote source is output.

Hope that helps.

Chris

--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
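An added example to go with the rules bruce lays out above (quote/escape string and date values, validate everything with a regex before it reaches SQL, insert numerics unquoted). This is editor-supplied code, not code from either poster or from the php-general list. It assumes a hypothetical `users(id, name, joined)` table and uses an in-memory SQLite database through PDO as a stand-in for the MySQL table the thread discusses, so it runs offline; the sample rows and the attack string are constructed for the demonstration. The point it shows that the thread only implies: inserting a "numeric" value unquoted is safe only if the validation step actually ran, and a prepared statement removes the quotes-or-no-quotes question entirely.

```php
<?php
// Added example, not from the original thread. SQLite in-memory stands in
// for the MySQL table; the table name, columns and rows are assumptions.
declare(strict_types=1);

// Validate an integer id before it is used unquoted in SQL. \z anchors the
// match at the true end of the string (a bare $ would accept a trailing "\n").
// Rejects "1 OR 1=1", "0x1", "1.0", "" and so on.
function validateId(string $raw): ?int
{
    return preg_match('/^\d{1,10}\z/', $raw) === 1 ? (int) $raw : null;
}

// Validate a YYYY-MM-DD date strictly: shape via regex, then checkdate() so
// that 2005-02-30 is rejected as well as "2005-09-20'; DROP TABLE users".
function validateDate(string $raw): ?string
{
    if (preg_match('/^(\d{4})-(\d{2})-(\d{2})\z/', $raw, $m) !== 1) {
        return null;
    }
    return checkdate((int) $m[2], (int) $m[3], (int) $m[1]) ? $raw : null;
}

// The "numeric, so no quotes" pattern with the validation step skipped.
// This is what the attacker needs; it is here to show the failure mode.
function buildSelectUnvalidated(string $rawId): string
{
    return "SELECT id, name FROM users WHERE id = $rawId";
}

// The pattern the thread describes, done properly: the id is validated and
// used bare, the string is quoted/escaped by the driver (PDO::quote() uses
// the connection's rules, the MySQL equivalent of mysqli_real_escape_string;
// addslashes() is not a substitute). Returns null to reject bad input rather
// than trying to "fix" it.
function buildSelectValidated(PDO $db, string $rawId, string $rawName): ?string
{
    $id = validateId($rawId);
    if ($id === null) {
        return null;
    }
    $name = $db->quote($rawName);
    return "SELECT id, name FROM users WHERE id = $id AND name = $name";
}

// Hardened form: a prepared statement with a typed bind. Quoting becomes the
// driver's job, and the value can never be parsed as SQL.
function findUser(PDO $db, string $rawId): ?array
{
    $id = validateId($rawId);
    if ($id === null) {
        return null;
    }
    $stmt = $db->prepare('SELECT id, name, joined FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data (assumed schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, joined TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'alice', '2005-09-01'), (2, 'o''brien', '2005-09-20')");

// Constructed attack input aimed at the unquoted-numeric rule.
$attack = '1 OR 1=1';

// Without validation the whole table comes back: "no quotes for numbers" is
// not a defence on its own.
$rows = $db->query(buildSelectUnvalidated($attack))->fetchAll(PDO::FETCH_ASSOC);
printf("unvalidated: %d row(s) for input %s\n", count($rows), var_export($attack, true));

// With validation the same input never reaches the SQL string.
var_dump(buildSelectValidated($db, $attack, "o'brien"));
echo buildSelectValidated($db, '2', "o'brien"), "\n";
var_dump(validateDate('2005-02-30'));
var_dump(validateDate('2005-09-20'));
var_dump(findUser($db, '2'));
```

Run it with `php example.php`. The regex-then-cast step is what makes the bare `$id` acceptable; the prepared statement in `findUser()` is the form to reach for by default, because it keeps working even on the day someone forgets to call `validateId()` first.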
