This question is not App Engine specific. Users can request a GET or POST with whatever values they want regardless of the underlying technology. You should google "Cross Site Scripting" and "SQL Injection" to learn about the various evil things users can do to you if you don't validate your inputs. Most web frameworks have forms libraries that can simplify much of the validation.
-peter

On Nov 7, 4:14 pm, adrian <[EMAIL PROTECTED]> wrote:
> Every URL an app-engine app handles is public since it appears in the
> URL bar in the browser. So even if it begins with _ or is strangely
> spelled a user could use the back button or history and directly edit
> a URL, then submit it and likely cause an error unless everything is
> validated.
>
> Is it good practice to validate every piece of data coming in to a URL
> handler by GET or POST and not assume anything? Or accept a small
> number of errors when people do stupid things. I can certainly
> validate everything but it obscures the code.
>
> Thanks
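
One way to validate every GET/POST parameter without cluttering the handler, as discussed in the thread above. This is an added example, not code from either poster or from App Engine; the schema, the `handle_edit` handler and the parameter names are hypothetical, and `params` is assumed to be a dict of string keys to string values.

```python
import re

class ValidationError(ValueError): pass  # raised by a checker on bad input

def integer(lo, hi):
    def check(raw):
        # ASCII digits only, bounded length, then a range check.
        if not re.fullmatch(r"-?[0-9]{1,10}", raw):
            raise ValidationError("not an integer")
        value = int(raw)
        if not lo <= value <= hi:
            raise ValidationError("out of range")
        return value
    return check

def pattern(regex, max_len):
    compiled = re.compile(regex)
    def check(raw):
        # fullmatch (not match/search) so nothing may trail the allowed form.
        if len(raw) > max_len or not compiled.fullmatch(raw):
            raise ValidationError("bad format")
        return raw
    return check

def one_of(*allowed):
    def check(raw):
        if raw not in allowed:
            raise ValidationError("not an allowed value")
        return raw
    return check

def validate(params, schema):
    """Return (clean, errors); unknown and missing parameters are errors."""
    clean = {}
    errors = {n: "unexpected parameter" for n in params if n not in schema}
    for name, check in schema.items():
        if name not in params:
            errors[name] = "missing"
            continue
        try:
            clean[name] = check(params[name])
        except ValidationError as exc:
            errors[name] = str(exc)
    return clean, errors

# Hypothetical allow-list schema for one handler; the rules live here,
# so the handler body stays two lines long.
EDIT_POST = {"post_id": integer(1, 2**31 - 1),
             "slug": pattern(r"[a-z0-9-]+", 64),
             "action": one_of("save", "delete")}

def handle_edit(params):
    clean, errors = validate(params, EDIT_POST)
    return (400, errors) if errors else (200, clean)
```

Input validation of this kind rejects malformed requests early; output escaping and parameterized queries are still needed where the values are later used.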