> I recommend this setup for date entry since it does help a little with
> the input sanitizing:  When you use a Select tag, the user input options
> are known values and it allows you to be much more aggressive and
> unforgiving with your input validation.  Text box input requires some
> fuzzy acceptance of values, but a Select/Options list does not - you can
> validate against a fixed set of values and anything else must have come
> from a Bad Guy.

Hi,
Thanks for the replies.
I've just been chatting with my brother-in-law who is a Ruby programmer 
(considerably better than am I) and he pointed out that as I am calling 
the method which uses "eval" thus:
map_three_fields :dob_day, :dob_month, :dob_year, "make_date", "dob"
the method doesn't accept any user input as arguments (only three 
symbols and two strings) and is therefore harmless.

So I guess I can stick with my original method after all.

Cheers
Jim


-- 
Posted via http://www.ruby-forum.com/.
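
An added example, not code from this thread: strict validation of the three select-box fields against the fixed option values described in the quoted advice, with the combining routine chosen from a fixed table by name. The year range, the `RejectedInput` class, the `COMBINERS` table and the body given for "make_date" are assumptions made for illustration.

```ruby
require "date"

# Option values the form's three <select> tags render (constructed ranges).
DAYS   = (1..31).map(&:to_s).freeze
MONTHS = (1..12).map(&:to_s).freeze
YEARS  = (1900..2025).map(&:to_s).freeze

class RejectedInput < ArgumentError; end

# Hypothetical stand-in for "make_date": combiners are looked up by name in a
# fixed table, so the name is only ever used as a hash key.
COMBINERS = {
  "make_date" => ->(day, month, year) {
    raise RejectedInput, "no such calendar date" unless Date.valid_date?(year, month, day)
    Date.new(year, month, day)
  }
}.freeze

# Exact-match check: the value must be a String that is one of the rendered
# options. No stripping, no zero-padding tolerance, no arrays or hashes.
def strict_pick(params, key, allowed)
  value = params[key]
  unless value.is_a?(String) && allowed.include?(value)
    raise RejectedInput, "#{key}: not one of the offered options"
  end
  Integer(value, 10)
end

# Validates all three fields, then builds the Date with the named combiner.
def dob_from_params(params, combiner = "make_date")
  build = COMBINERS.fetch(combiner) { raise RejectedInput, "unknown combiner" }
  build.call(strict_pick(params, :dob_day, DAYS),
             strict_pick(params, :dob_month, MONTHS),
             strict_pick(params, :dob_year, YEARS))
end
```

Each field can pass the option-list check while the combination is still not a real date (31 February), which is why the calendar check runs after the per-field checks.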
