RE: Re: question regarding form filtering


> -----Original Message-----
> From: Richard Lynch [mailto:ceo@xxxxxxxxx]
> Sent: Wednesday, March 14, 2007 23:45
> To: Tim
> Cc: 'Haydar Tuna'; php-general@xxxxxxxxxxxxx
> Subject: RE:  Re: question regarding form filtering
> 
> On Wed, March 14, 2007 9:07 am, Tim wrote:
> >> You almost for sure do *NOT* want to attempt to send the entire 
> >> Webster's 2nd Edition dictionary to the browser as JS data so that 
> >> the JS can check. :-)
> >
> > Hehe, ohhhhh? Really? ;-)
> >
> >> I suppose you could do a Web 2.0 Ajax-y thingie for that...
> >
> > Not a fan of forcing users to download/use active-x controls..
> > (accessibility, usability etc..)
> 
> No, I meant using an XmlHttpRequest to compare their password 
> as they type it in the form with the webster's dictionary up 
> on your server.
> 
> Dunno if it would be fast enough to do it per keystroke, but 
> perhaps upon leaving the password field.

Ok more reading to do then..

> 
> >> For anything that really matters, your sanitation probably ought to
> >> be custom-tailored rather than off-the-rack anyway...
> >
> > Glad we share this opinion..
> >
> >> Plus, the easy ones are easy, and the framework probably won't handle
> >> the hard ones, so what's the point of the clutter of the framework?
> >>
> >> So I personally wouldn't even go down this road.
> >
> > Erm gonna have to explain to me what you mean... (easy ones are easy..
> > Etc.)
> 
> What I mean is that trying to write Framework for your 
> sanitization routines will lock you into that Framework.
> 
> So while PCRE is *great* for most sanitization routines, it's 
> not the Right Answer for all of them.
> 
> But if your framework only does PCRE, you've given up on 
> custom sanitization for an off-the-rack answer, and are using 
> a hammer on a screw sooner or later.
> 
> The easy ones, like username or email are a one-liner anyway, 
> or a few lines of code at most.
> 
> The really complex ones like password, probably won't fit 
> into any generic Framework you can build.
> 
> I think it's better to hand-craft this code on each, rather 
> than trying to generalize it.

Ok, I see what you are saying.

I have left my class open to new features, it's pretty flexible, so I can
integrate these features in the near future (or maybe write a validation
class that extends the form class for when I need these "special"
validations). This opens up possibilities for both generic/hand-crafted
validation. So far I have no "public" user system (nor the need) so
verifying "public" passwords is not on the work list yet.. I WILL keep that
in mind and will experiment with different systems that enable "specific"
validation for certain types of input..

For the time being I am just either using forms to retrieve data from a
database (all standard word chars) or putting information into the database
from an admin console (again all standard word chars) so PCRE does the job
just fine and saves me from coding twice PHP then JavaScript.

If I had more time and less due-dates I would do it, maybe I'll think about
it while on vacation? hehe

Thanks again

Regards,

Tim

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
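
Added example, not part of the original thread or either poster's code: a PHP illustration of the split discussed above, with a one-line PCRE check for a username next to a hand-written server-side password check against a word list (the kind of check an XmlHttpRequest on leaving the password field could call). The function names, length limits and three-word sample list are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Easy case: a username is a one-line PCRE allow-list check.
// \A and \z anchor the whole string, so a trailing newline is rejected
// (a plain $ would accept "tim\n").
function valid_username(string $s): bool
{
    return preg_match('/\A[A-Za-z0-9_]{3,32}\z/', $s) === 1;
}

// Harder case: a password rule that one pattern does not express.
// $dictionary is a set of lowercase words (word => true). Here it is a
// constructed sample; a real deployment would load a word list that stays
// on the server instead of being shipped to the browser.
function password_problems(string $pw, array $dictionary): array
{
    $problems = [];
    if (strlen($pw) < 10) {
        $problems[] = 'too short';
    }
    // Normalise before the lookup: lowercase, then strip leading and
    // trailing non-letters so "Sunshine1!" is still matched as "sunshine".
    $core = preg_replace('/\A[^a-z]+|[^a-z]+\z/', '', strtolower($pw));
    if ($core !== '' && isset($dictionary[$core])) {
        $problems[] = 'dictionary word';
    }
    return $problems;
}

// Constructed sample data.
$dictionary = array_fill_keys(['password', 'sunshine', 'dragon'], true);
$usernames  = ['tim_2007', "tim\n", 'a'];
$passwords  = ['Sunshine1!', 'dragon', 'correct horse battery'];

foreach ($usernames as $u) {
    printf("username %s: %s\n", json_encode($u), valid_username($u) ? 'ok' : 'rejected');
}
foreach ($passwords as $p) {
    $problems = password_problems($p, $dictionary);
    printf("password %s: %s\n", json_encode($p), $problems ? implode(', ', $problems) : 'ok');
}
```

Any check done in the browser only improves feedback for the user; the same functions still have to run on the server when the form is submitted.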


