17 Oct
2008
17 Oct
'08
9:30 a.m.
Ziba Scott wrote:
So I'm working on a patch which will make it easy to attach a regular expression for validation to every contact field so that any character in any field which will cause problems gets rejected and characters which trip up the current prepare statement but are acceptable for use down the line will get escaped and stored.
Invalid characters must not screw anything up on a DB side if you use SQL the right way - if it does it means your SQL code is wrong and not using prepared statements the right way.
The only reason for input validation is to reject chars that are invalid
- i.e. a @ in a first name does not make sense. The goal is not to fix
the SQL backend within the frontend code!
Mike
--
Michael Baierl
http://mbaierl.com/blog/
- - - - - - - - - - - - - - - - -
"Don’t worry about people stealing your ideas. If your ideas are any
good, you’ll have to ram them down people’s throats." (Howard Aiken)
_______________________________________________
List info: http://lists.roundcube.net/dev/