RE: Re: question regarding form filtering


> -----Original Message-----
> From: Richard Lynch [mailto:ceo@xxxxxxxxx] 
> Sent: Wednesday, March 14, 2007 09:48
> To: Tim
> Cc: 'Haydar Tuna'; php-general@xxxxxxxxxxxxx
> Subject: RE:  Re: question regarding form filtering
> 
> I personally would not presume that PHP and JS regex patterns 
> are 100% compatible...
> 
> Store a separate pattern for each.

Fair enough, beats writing a new function for each :)

> And, actually, the PHP check might be more involved than the JS check.
> 
> For example, if the user is making up a password, and this 
> password has access to something that's actually sensitive 
> and worth protecting (money, medical records, private matters)...

Not yet but maybe future clients ? ;) (archived)

> You should probably have JS and PHP to check that the 
> password is long enough, has mixed alpha and digit, that the 
> password and confirmation match, that neither password nor 
> username contains the other as a substring, etc.
> 
> But in PHP you'd probably *ALSO* want to check against a 
> database of words (say the one in /usr/share/web2, Webster's 
> 2nd Edition dictionary, now in the public domain) and make 
> sure they did not choose a simple word.

Good idea, sounds like plesk internals here..
I'll most definitely keep this in mind when I implement the user management
system in the framework..
> 
> You almost for sure do *NOT* want to attempt to send the 
> entire Webster's 2nd Edition dictionary to the browser as JS 
> data so that the JS can check. :-)

Hehe, ohhhhh? Really? ;-)

> I suppose you could do a Web 2.0 Ajax-y thingie for that...

Not a fan of forcing users to download/use active-x controls..
(accessibility, usability etc..)

> 
> At any rate, the validation in JS may not always be exactly 
> the same as in PHP, even if their PCRE patterns are 100% 
> compatible, which I doubt.

I'll do some experimenting with this..
> 
> For anything that really matters, your sanitation probably 
> ought to be custom-tailored rather than off-the-rack anyway...

Glad we share this opinion.. 

> Plus, the easy ones are easy, and the framework probably 
> won't handle the hard ones, so what's the point of the 
> clutter of the framework?
> 
> So I personally wouldn't even go down this road.

Erm gonna have to explain to me what you mean... (easy ones are easy.. Etc.)
 
Once again thanks Richard am well on my way now ;)

Regards,

Tim

"Programming is a race between people making better and faster programs and
the universe making bigger and dumber people. So far the universe is
winning"

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
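
The server-side checks listed in the thread (length, mixed letters and digits, confirmation match, username/password substring, dictionary lookup), as an added example that is not code from either poster. The function names, the minimum length of 10 and the sample word list are assumptions; the example also goes one step beyond the thread by looking up the password with surrounding digits stripped, since the letters-plus-digits rule would otherwise let "word123" past the dictionary check.

```php
<?php
// Added example: PHP-side password checks. Names and thresholds are hypothetical.

// Load a one-word-per-line list (the thread mentions /usr/share/web2).
function load_wordlist(string $path): array
{
    $words = @file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    if ($words === false) {
        throw new RuntimeException("cannot read word list: $path");
    }
    // Flip so each word is a key: lookup is then a hash probe, not a scan.
    return array_flip(array_map('strtolower', $words));
}

// Returns a list of problems; an empty list means the password is accepted.
function password_problems(string $user, string $pass, string $confirm,
                           array $dict, int $minLen = 10): array
{
    $problems = [];
    if ($pass !== $confirm) {
        $problems[] = 'confirmation does not match';
    }
    if (strlen($pass) < $minLen) {
        $problems[] = "shorter than $minLen characters";
    }
    if (!preg_match('/[A-Za-z]/', $pass) || !preg_match('/[0-9]/', $pass)) {
        $problems[] = 'needs both letters and digits';
    }
    $u = strtolower($user);
    $p = strtolower($pass);
    // Neither value may contain the other (guard against empty needles).
    if ($u !== '' && $p !== '' &&
        (strpos($p, $u) !== false || strpos($u, $p) !== false)) {
        $problems[] = 'username and password overlap';
    }
    // Dictionary check on the password itself and with edge digits removed.
    $core = trim($p, '0..9');
    if (isset($dict[$p]) || ($core !== '' && isset($dict[$core]))) {
        $problems[] = 'based on a dictionary word';
    }
    return $problems;
}

// Constructed sample data; in production use load_wordlist() on a real list.
$dict = array_flip(['password', 'monkey', 'dragon']);
$cases = [['tim', 'Monkey123', 'Monkey123'], ['tim', 'tim2007tim2007', 'tim2007tim2007'],
          ['tim', 'c9Vr2kLp7xQw', 'c9Vr2kLp7xQw'], ['tim', 'c9Vr2kLp7xQw', 'c9Vr2kLp7xQx']];
foreach ($cases as [$u, $p, $c]) {
    printf("%-16s %s\n", $p, implode('; ', password_problems($u, $p, $c, $dict)) ?: 'ok');
}
```

The word list stays on the server, so any JS-side check can be limited to the cheap rules while this function remains the one that decides.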
