[nycphp-talk] Input validation?
inforequest
1j0lkq002 at sneakemail.com
Wed Dec 22 11:49:23 EST 2004
Jeff Siegel jsiegel1-at-optonline.net |nyphp dev/internal group use| wrote:
> For starters see:
> http://education.nyphp.org/phundamentals/PH_storingretrieving.php
>
> You'll probably also want to use some regular expressions with
> http://php.net/preg_match
>
> You should also check out "PHP Cookbook" - there are some "recipes"
> dealing with input validation - and there is a section in "Web
> Database Applications with PHP and MySQL" (Williams/Lane...this is an
> Oreilly book) on validating input.
>
> Jeff
>
> leam at reuel.net wrote:
>
>> Good heavens, the people I write php for are actually using it! Errgh!
>>
>> Any good references on validating user input that's headed for a
>> database? What are some of the ways malicious or bad data is formed?
>> And Merry Christmas Season to everyone!
>> ciao!
>>
>> leam
>
During development you may want to propose a quick coding style tip for
anyone messing with code. Once they understand the need for input
validation they can "guesstimate" the relative level of input validation
being done by a script *in its current state* and add a comment to that
effect. For example, a new script never tested starts with
<!-- ival 0 --> and one where the coder has routinely included use of input
validation libraries might get <!-- ival 7 -->. You might simply
require anything they add to be commented as level 1, for safety.
You might suggest that placing a low ival comment removes culpability
from the coder... to help it get included ;-)
Many problems arise from
not-having-time-to-go-back-and-clean-up-the-code-later and this "method"
keeps it on the radar during coding, making it easier to
locate/prioritize review later (find all files ival level 0, then 1,
then 2, etc.....)
No replacement for good house standards, proper use of classes,
libraries, code review, and all that. And of course don't leave the
comments in production code.... But at the same time, it might help out.
-=john andrews
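A small POSIX shell script that turns the "find all files ival level 0, then 1, then 2" step into something you can actually run, added here as an example and not part of John's post. It assumes the marker is written exactly as in the post, `<!-- ival N -->` (optional spaces around the word and number), that scripts end in `.php`, and it treats a file with no marker as unannotated so it sorts ahead of level 0. The third function supports the last point in the post: it lists files that still carry a marker, for a check before anything is shipped to production.

```shell
#!/bin/sh
# Triage PHP files by the "<!-- ival N -->" comment level described above.
# Added example (not the list author's code). Assumptions: marker format
# "<!-- ival N -->", files named *.php, unannotated files sort first.

tab=$(printf '\t')

# ival_level FILE -> prints N from the first "<!-- ival N -->" in FILE,
# or "none" when the file carries no marker.
ival_level() {
    lvl=$(grep -o '<!-- *ival *[0-9][0-9]* *-->' "$1" 2>/dev/null \
          | head -n 1 | sed 's/[^0-9]//g')
    if [ -z "$lvl" ]; then
        echo none
    else
        echo "$lvl"
    fi
}

# ival_report DIR -> one "LEVEL<TAB>PATH" line per .php file under DIR,
# unannotated files first, then ascending level (0, 1, 2, ...), so the
# top of the list is the review queue.
ival_report() {
    find "$1" -type f -name '*.php' | while IFS= read -r f; do
        printf '%s\t%s\n' "$(ival_level "$f")" "$f"
    done \
    | awk -F "$tab" '{ k = ($1 == "none") ? -1 : $1 + 0; print k "\t" $0 }' \
    | sort -t "$tab" -k1,1n -k3,3 \
    | cut -f2-
}

# ival_leftovers DIR -> paths of .php files under DIR that still contain
# a marker; run before deploying, since the comments should not ship.
ival_leftovers() {
    find "$1" -type f -name '*.php' | while IFS= read -r f; do
        if grep -q '<!-- *ival *[0-9][0-9]* *-->' "$f" 2>/dev/null; then
            printf '%s\n' "$f"
        fi
    done
}

# Usage: . ./ival_triage.sh && ival_report ./htdocs
#        ival_leftovers ./htdocs   # should print nothing for a release tree
```

Because `ival_level` only looks at the first marker in a file, a coder who bumps the level should edit the existing comment rather than add a second one; otherwise the report keeps showing the old level.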