On Mon, Jul 29, 2013 at 11:50:01AM -0500, Larry Garfield wrote:
> On 7/28/13 9:23 PM, Paul M Foster wrote:
> >On Sun, Jul 28, 2013 at 08:46:06PM -0500, Larry Garfield wrote:

[snip]

> >
> >Except as noted above. This is all home-grown, using native PHP
> >functions designed to do these things, and classes I've written. I
> >carefully examine each field when writing the POST-handling code with
> >the idea in mind that no matter what the HTML says, the return value
> >must conform to what *I* think it should be. No MVC framework written by
> >others (though I do conform to MVC paradigm).
> >
> >Paul
>
> Then you're not writing your own form tags from the sound of it;
> you're writing your own Form API. Still an improvement. :-)

No, I'm writing the form tags as well. I write the whole thing, soup to
nuts. But as I'm writing the back end validation stuff, I realize that
what I wrote in the HTML doesn't matter when it comes to hackers and
script kiddies. So I use my bless and validation libraries to tackle
form responses. That's the point I'm making.

I understand what you're saying about using someone else's framework so
you can make sure that tested code is being used to ensure against
hacking attempts. But your pronouncement was so thunderous that I had to
provide the exception. If you hang around here and read a book or two on
security, you can write your own code that handles this stuff.
Particularly if you have an example like CodeIgniter to use, to see how
it's done.

(There are times when I *don't* write the HTML. My wife the designer
does. But I still go in and modify it to provide the validation bits
which she can't do. She uses Dreamweaver, so a lot of the time, she
doesn't even know what the raw HTML looks like.)

Paul

--
Paul M. Foster
http://noferblatz.com
http://quillandmouse.com

--
PHP General Mailing List (http://www.php.net/)
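
The point made in the message above is that the server decides what a valid value is, whatever the HTML form offered. The following is an added PHP example of that idea; it is not code from the thread or from the poster's libraries. The field names, rules and sample request are constructed for illustration.

```php
<?php
// Server-side rules: the single source of truth, independent of the HTML form.
// Field names and rules are constructed for this example.
const RULES = [
    'email'    => ['filter' => FILTER_VALIDATE_EMAIL],
    'quantity' => ['filter' => FILTER_VALIDATE_INT,
                   'options' => ['min_range' => 1, 'max_range' => 10]],
    'shipping' => ['allowed' => ['ground', 'air']],   // the <select> options
];

// Returns [clean values, errors]. Only fields named in $rules are read, so
// extra parameters added to the request are dropped rather than passed on.
function validate_post(array $post, array $rules): array
{
    $clean = [];
    $errors = [];
    foreach ($rules as $field => $rule) {
        $raw = $post[$field] ?? null;
        // Arrays (e.g. quantity[]=1) and missing fields are rejected outright.
        if (!is_string($raw)) {
            $errors[$field] = 'missing or not a scalar';
            continue;
        }
        $raw = trim($raw);
        if (isset($rule['allowed'])) {
            // Strict comparison against the server's own list of choices.
            $ok = in_array($raw, $rule['allowed'], true);
            $value = $raw;
        } else {
            $value = filter_var($raw, $rule['filter'],
                                ['options' => $rule['options'] ?? []]);
            $ok = $value !== false;
        }
        if ($ok) {
            $clean[$field] = $value;
        } else {
            $errors[$field] = 'rejected';
        }
    }
    return [$clean, $errors];
}

// Constructed request: values the form's HTML would never have produced.
$post = ['email' => 'a@example.com', 'quantity' => '9999',
         'shipping' => 'teleport', 'is_admin' => '1'];
[$clean, $errors] = validate_post($post, RULES);
var_dump($clean, $errors);
```

Only `email` reaches `$clean`: the out-of-range quantity and the unlisted shipping option are rejected, and `is_admin` is never read because no rule names it.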