Re: Data type to use for primary key

All,
Well, you should still escape any strings you're getting from a web page so
you can ensure you're not subject to a SQL insert attack, even if you're
expecting integers.
Thanks,
Peter Darley

	Well, your framework should do this for you:

	"integer" specified in your database object class description
"%d" appears in your generated queries (or you put it in your hand-written queries) => if the parameter is not an integer, an exception is thrown, then caught, then an error page is displayed...

	Or, just casting to int should throw an exception...

Forms should be validated, but hidden parameters in links are OK imho to display an error page if they are incorrect; after all, if the user edits the GET or POST parameters, well...
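The three approaches argued over above, side by side, as an added example that is not part of the thread. It is written against Python's sqlite3 rather than PostgreSQL/PHP so it runs offline; the users table and its rows are constructed here, and lenient_cast is an assumption standing in for a cast such as PHP's (int), which quietly keeps the leading digits instead of raising.

```python
"""Why an 'integer' URL parameter still needs validation before it reaches SQL.

Added example for this thread; sqlite3 stands in for PostgreSQL.
"""
import re
import sqlite3


def build_db():
    """Constructed sample table standing in for a real users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", 0), (2, "bob", 1)],
    )
    return conn


def lookup_unsafe(conn, raw_id):
    """Vulnerable: splices the parameter in because 'it is supposed to be an int'."""
    rows = conn.execute(f"SELECT name FROM users WHERE id = {raw_id}")
    return [r[0] for r in rows]


def lenient_cast(raw):
    """Assumed stand-in for a lenient cast like PHP's (int): keep leading digits, else 0.

    This cannot inject, but it silently turns tampered input into a valid id
    instead of rejecting it, so the tampering is never noticed.
    """
    m = re.match(r"\s*[-+]?\d+", raw)
    return int(m.group()) if m else 0


def parse_id_strict(raw):
    """Accept only a plain decimal of sane length; anything else is an error."""
    if not re.fullmatch(r"\d{1,18}", raw):
        raise ValueError(f"not an integer id: {raw!r}")
    return int(raw)


def lookup_cast(conn, raw_id):
    """The '%d' style: once the value is a real int, formatting it into SQL cannot inject."""
    rows = conn.execute("SELECT name FROM users WHERE id = %d" % parse_id_strict(raw_id))
    return [r[0] for r in rows]


def lookup_param(conn, raw_id):
    """Preferred: validate the type, then let the driver bind the value."""
    rows = conn.execute(
        "SELECT name FROM users WHERE id = ?", (parse_id_strict(raw_id),)
    )
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = build_db()
    print(lookup_unsafe(db, "1"))           # ['alice']
    print(lookup_unsafe(db, "1 OR 1=1"))    # ['alice', 'bob']  (injected)
    print(lenient_cast("1 OR 1=1"))         # 1  (tampering hidden, not rejected)
    try:
        lookup_cast(db, "1 OR 1=1")
    except ValueError as err:
        print("rejected:", err)
    print(lookup_param(db, "2"))            # ['bob']
```

The strict parser is what makes both lookup_cast and lookup_param safe; the difference between them is that lookup_param also works unchanged for string columns, which is why binding is the habit worth forming even when today's parameter is an id.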

