basic user/input form questions... more validation!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



hi...

forgive me!!!

continuing the thread from yesterday regarding filtering. (and thanks to all
the msgs)

for simplicity. let's deal wit a simple user input form, that's going to
place the information in a db.

if the app allows the user to enter the input (call it 'foo') and then
submits the form via a POST, where the data is then written to the db, what
kind of validation should occur? and where should the validation take place?

for my $0.02 worth, there should be be validation of the 'foo' var, to
determine if the var is legitimate. there should also be validation/filterin
of the var when it's placed in the db_sql command...

my question (and it's basic), what validation should be performed on the
'foo' var, and why? i've seen htmlspecialchars/magic_quotes/etc.. in varius
articles, but i can't find a definitive answer!!

also, when inserting/updating a db item, what is the 'correct' process for
data? should all data that gets inserted into a db be quoted? if it should,
what's the 'standard' practice?

psuedo examples of this stuff would be really helpful!

thanks for clarifying some of these issues...

-bruce
bedouglas@xxxxxxxxxxxxx

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux