Mailing List Archive



Re: [tlug] empty rows (PostgreSQL)



Hi,
 
On 2005.02.11, at 14:18, Edward Wright <edw@example.com> wrote:

>1. This post isn't really appropriate to the Tokyo *LINUX* 
>User's Group (it's not Linux specific)
>2. It's really a basic question you should be able to find
>the answer to with only a little "research".

I agree that this question is basic, but is this post really inappropriate?

The question is indeed an interesting topic in web applications. When a user inputs data which is logically unacceptable, the system should handle it at the application and business levels. JavaScript checking will probably help the users enter the correct data, but PHP code should also check and notify the user appropriately.

"Every external variable has to be verified. In many cases you can just use type casting" (http://www.zend.com/zend/art/art-oertli.php). In Ahmed's sample code, it will need to verify $name to avoid possible security issues. For example, if $name is empty it shouldn't be added to the database. Also, if $name contains thousands of characters, it will probably get an error from PostgreSQL. The system will need to check before adding if the user already exists. The $name may contain some cracking codes harmful to the system.

Although this is a PHP/PostgreSQL question, I think we still can discuss it.

--
BABA Yoshihiko
Kyoto Center for Community Collaboration
Fin"k Support, Translation and Documentation Team
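
The checks listed in the message above (empty value, excessive length, an already existing user, hostile content), as an added example that is not part of the original post or of Ahmed's code. The `users` table, its `name` column with a UNIQUE constraint, the 64-character limit and the function names are assumptions, and `ON CONFLICT` needs PostgreSQL 9.5 or later.

```php
<?php
// Added example. Assumed schema: users(name VARCHAR(64) UNIQUE).
const NAME_MAX_LEN = 64;

// Returns [cleanName, null] on success or [null, errorMessage] on rejection.
function validate_name($raw): array
{
    if (!is_string($raw)) {                 // e.g. name[]=x arrives as an array
        return [null, 'Name must be text.'];
    }
    $name = trim($raw);
    if ($name === '') {
        return [null, 'Name must not be empty.'];
    }
    if (!mb_check_encoding($name, 'UTF-8')) {   // needs the mbstring extension
        return [null, 'Name is not valid UTF-8.'];
    }
    if (mb_strlen($name, 'UTF-8') > NAME_MAX_LEN) {
        return [null, 'Name is too long.'];
    }
    if (preg_match('/[\x00-\x1F\x7F]/', $name)) {
        return [null, 'Name contains control characters.'];
    }
    return [$name, null];
}

// Inserts with a bound parameter, so quotes in $name are data, never SQL.
// The UNIQUE constraint makes the "already exists" check atomic;
// returns false when the name was already present.
function add_user($conn, string $name): bool
{
    $res = pg_query_params(
        $conn,
        'INSERT INTO users (name) VALUES ($1) ON CONFLICT (name) DO NOTHING',
        [$name]
    );
    if ($res === false) {
        throw new RuntimeException(pg_last_error($conn));
    }
    return pg_affected_rows($res) === 1;
}

// Constructed sample inputs; this loop runs without a database connection.
foreach (['', '  Ahmed ', str_repeat('A', 5000), "O'Brien"] as $in) {
    [$name, $err] = validate_name($in);
    echo $err ?? "accepted: $name", PHP_EOL;
}
```

`O'Brien` passes validation on purpose: a quote is legitimate in a name, and it is the bound parameter in `add_user()`, not the validator, that keeps it from being interpreted as SQL.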
