On 05.09.2017 at 15:44, Lester Caine wrote:
On 05/09/17 14:08, li...@rhsoft.net wrote:
the only question as application developer is how you proceed in which cases

* reject the whole request with an error-message
* reset form-fields where you don't expect an array as input
* reset form-fields with out-of-range input values

here you go:
https://en.wikipedia.org/wiki/Data_validation

When the database layer provides a complete list of fields and
validation rules as part of its meta data, it is integral to any GOOD
process

your first error is thinking every input is related to databases at all

Copying all that data and manually creating filter rules is
just unnecessary work. In addition much of the VALIDATION is best done
at the browser end, and building that code is a lot easier when there is
a standard validation base across all of the layers!

NO VALIDATION is best done in the browser end because no attacker ever will execute your client-side validation code or operate a browser at all

Rejecting crap from hackers that have no format matching the fields on
the browser page is something else and if the data set is corrupt then
yes you can simply skip out before doing anything with it!

and that's what the whole topic is about

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
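
The three handling options listed in the message above (reject the whole request, reset fields that arrive as arrays, reset out-of-range values), sketched as server-side PHP. This is an added example, not code from the thread; the rule table, the function name validate_request and the sample input are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical rule table (not from the thread): field => allowed range and default.
const RULES = [
    'page'     => ['min' => 1,  'max' => 500, 'default' => 1],
    'per_page' => ['min' => 10, 'max' => 100, 'default' => 25],
];

// $strict = true:  reject the whole request on the first bad field.
// $strict = false: reset the bad field to its default and report it.
function validate_request(array $input, array $rules, bool $strict): array
{
    $clean = [];
    $problems = [];
    foreach ($rules as $name => $rule) {
        $raw = $input[$name] ?? null;
        if ($raw === null) {                 // field absent: use the default
            $clean[$name] = $rule['default'];
            continue;
        }
        if (is_array($raw)) {                // e.g. ?page[]=1 where a scalar is expected
            $value = false;
            $problem = 'array where scalar expected';
        } else {
            $value = filter_var($raw, FILTER_VALIDATE_INT, [
                'options' => ['min_range' => $rule['min'], 'max_range' => $rule['max']],
            ]);
            $problem = 'not an integer in the allowed range';
        }
        if ($value === false) {
            if ($strict) {
                throw new InvalidArgumentException("$name: $problem");
            }
            $problems[$name] = $problem;
            $value = $rule['default'];
        }
        $clean[$name] = $value;
    }
    return [$clean, $problems];
}

// Constructed sample input, shaped like $_GET for ?page[]=1&per_page=100000
$input = ['page' => ['1'], 'per_page' => '100000'];
[$clean, $problems] = validate_request($input, RULES, false);
var_dump($clean, $problems);                 // both fields reset to their defaults
try { validate_request($input, RULES, true); }
catch (InvalidArgumentException $e) { echo 'rejected: ', $e->getMessage(), "\n"; }
```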
