On 24/09/2009, at 10:04 PM, Dino Vliet wrote:
Question 1)
I see the need to present the users of my site with a small little calendar, when they want to input date fields in my forms. How is this accomplished? Do I really need javascript for this, or are there other possibilities, preferably with TCL?
That'll require Javascript. There's enough examples you can just use from elsewhere. I minimize JS too, but this is something that can't be done without it.

Question 2)
I would like to see people select their current country in a drop down box. Does anyone know how this is done? And where I will get the whole list of all countries in the world?
ISO 3166 is your friend: http://www.iso.org/iso/iso3166_en_code_lists.txt

Question 3)
If I look at my access.log file, I see a lot of strange requests where my server gives 404 as a response. [...] I tried googling for this but they are all apache related.
Yup, I just ignore them for that reason.

Who has some pointers for me regarding aolserver? What kind of operators should I avoid?
The two main attack vectors for any web application are: remote code execution and SQL injection. The first one could occur if you dynamically create Tcl code using values sent by a user (either as form data, part of the URL, part of headers, anything) and then use subst or eval on it. Don't do that! :) SQL injection (google it) is pretty much the same, except on the sql level. Always use ns_sqlquotevalue or a routine you create yourself to properly quote ANY value. Just because you are expecting a numeric value to come back, you can't think that you won't have to check it. You must check if it is a number value. ("string is integer -strict" is your friend)

Validate any user data before you try and send it to the database. If it's not right, throw it back at the user.

Aside from that you will of course need a good user login mechanism to make sure only people that are allowed to do stuff can do so.

Should I put every logic into the TCL or ADP pages (like calculating a price of a service or checking the availability of a service etc etc) or should I code as much logic into the database with stored procedures.
That choice is yours, people can get quite passionate about this subject! I only use stored procedures if it lowers the load in the database. If it would make the database do more work I don't because scaling a database is a lot harder than putting an extra web server in front of it. An exception might be where you have other software accessing the database and it makes sense to maintain the business logic in stored procedures instead of two pieces of client software.

Would you put smtp login credentials for an external smtp server in a TCL or ADP
I wouldn't have an SMTP server that requires login if I can avoid it. The mail server should be able to be set up to just allow mail from the ip or subnet of your server. But if you needed it, I would put the username and password in a config file.

Bas.


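As an added illustration of the validate-then-quote advice in the reply above (example code written for this page, not from the thread or from AOLserver itself; it runs in plain tclsh): the integer check uses "string is integer -strict", the country code is checked against the two-letter ISO 3166 shape, and quote_sql_string is a hypothetical stand-in for the "routine you create yourself" mentioned alongside ns_sqlquotevalue.

```tcl
# Constructed example: validating form values before they reach SQL.
# quote_sql_string and require_* are hypothetical helpers for this page.

# Quote an arbitrary string as an SQL string literal: double every single
# quote and wrap the result in quotes, so the value can never end the literal.
proc quote_sql_string {value} {
    return "'[string map {' ''} $value]'"
}

# Accept only a real integer. -strict matters: without it the empty string
# passes [string is integer], which is exactly the kind of "I expected a
# number" assumption the reply warns about.
proc require_integer {name value} {
    if {![string is integer -strict $value]} {
        error "parameter '$name' must be an integer"
    }
    return $value
}

# A country from the drop-down must look like an ISO 3166 alpha-2 code.
# Anything else is thrown back at the user instead of reaching the query.
proc require_country_code {name value} {
    if {![regexp {^[A-Z]{2}$} $value]} {
        error "parameter '$name' must be a two-letter country code"
    }
    return $value
}

# The query is assembled only from validated or quoted parts; the raw
# request values are never spliced in, and never handed to eval or subst.
proc build_price_query {service_id country} {
    set id [require_integer service_id $service_id]
    set cc [quote_sql_string [require_country_code country $country]]
    return "SELECT price FROM services WHERE id = $id AND country = $cc"
}

# Constructed inputs: one valid request and two that must be rejected.
puts [build_price_query 42 NL]
foreach {id cc} {"42 OR 1=1" NL 42 "N'L"} {
    if {[catch {build_price_query $id $cc} msg]} {
        puts "rejected: $msg"
    }
}
```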