[nycphp-talk] Need help understanding NULL
danielc at analysisandsolutions.com
Sun Aug 30 00:05:43 EDT 2009
On Sat, Aug 29, 2009 at 07:09:05PM -0700, Kristina D. H. Anderson wrote:

> >>But in the case of a form, wouldn't you be validating the input before
> >>trying to insert the record? Sorry if I seem dense--I must be
> >>misunderstanding something.
> No, you are exactly right, and you'll want to use a combination of
> client-side (form) validation and good database design

Client side validation is only good for helping the user not make
mistakes. Server side validation/escaping/prepared statements is
required for security reasons.

> Also sometimes you're not dealing with forms, let's say you have a web
> service that's sending you XML which gets processed and goes right into
> the database
> so the best way you're able to generate an error if fields are
> missing is if the query doesn't execute.

For some value of "best." It's generally nicer to validate the XML
against a schema file using DOMDocument::schemaValidate().

T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409
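
The schema check recommended in the message above, as an added example that is not part of the original post: it rejects a web-service message with a missing or empty field on the server before any query is built. It uses DOMDocument::schemaValidateSource(), the string-taking counterpart of schemaValidate(), so the schema can be embedded inline; the schema, element names and sample messages are constructed for illustration.

```php
<?php
// Added example, not code from the original thread.
// Schema, element names and sample messages are constructed for illustration.

const ORDER_XSD = <<<'XSD'
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:element name="order">
    <xs:complexType>
      <xs:sequence>
        <xs:element name="customer_id" type="xs:positiveInteger"/>
        <xs:element name="email" type="xs:string"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
</xs:schema>
XSD;

/** Returns a list of validation errors; an empty list means the message is acceptable. */
function validateOrderXml(string $xml): array
{
    $previous = libxml_use_internal_errors(true); // collect errors instead of emitting warnings
    libxml_clear_errors();
    $doc = new DOMDocument();
    // LIBXML_NONET: no network fetches while parsing untrusted input.
    $ok = $doc->loadXML($xml, LIBXML_NONET) && $doc->schemaValidateSource(ORDER_XSD);
    $errors = [];
    foreach (libxml_get_errors() as $e) {
        $errors[] = sprintf('line %d: %s', $e->line, trim($e->message));
    }
    libxml_clear_errors();
    libxml_use_internal_errors($previous); // restore the caller's libxml error mode
    if (!$ok && !$errors) {
        $errors[] = 'document rejected';
    }
    return $errors;
}

// Constructed sample messages: one complete, one with a missing field, one with an empty field.
$samples = [
    'complete'      => '<order><customer_id>42</customer_id><email>a@example.com</email></order>',
    'missing email' => '<order><customer_id>42</customer_id></order>',
    'empty id'      => '<order><customer_id></customer_id><email>a@example.com</email></order>',
];
foreach ($samples as $label => $xml) {
    $errors = validateOrderXml($xml);
    echo $label, ': ', $errors ? 'REJECTED - ' . implode('; ', $errors) : 'valid', PHP_EOL;
}
```

Values that pass the schema are still untrusted strings, so the insert that follows should bind them through a prepared statement rather than concatenating them into SQL.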