[nycphp-talk] Need help understanding NULL

Daniel Convissor danielc at analysisandsolutions.com
Sun Aug 30 00:05:43 EDT 2009


Folks:

On Sat, Aug 29, 2009 at 07:09:05PM -0700, Kristina D. H. Anderson wrote:
> >>But in the case of a form, wouldn't you be validating the input before
> >>trying to insert the record? Sorry if I seem dense--I must be
> >>misunderstanding something.
> 
> No, you are exactly right, and you'll want to use a combination of 
> client-side (form) validation and good database design

Client side validation is only good for helping the user not make 
mistakes.  Server side validation/escaping/prepared statements is 
required for security reasons.


> Also sometimes you're not dealing with forms, let's say you have a web 
> service that's sending you XML which gets processed and goes right into 
> the database
...
> so the best way you're able to generate an error if fields are 
> missing is if the query doesn't execute.

For some value of "best."  It's generally nicer to validate the XML 
against a schema file using DOMDocument::schemaValidate().

--Dan

-- 
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
            data intensive web and database programming
                http://www.AnalysisAndSolutions.com/
 4015 7th Ave #4, Brooklyn NY 11232  v: 718-854-0335 f: 718-854-0409
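
An added example, not part of the original message: one way to combine the two server-side checks mentioned in the reply, validating incoming XML with `DOMDocument::schemaValidateSource()` (the in-memory sibling of `schemaValidate()`) and then inserting with a prepared statement. The schema, element names, `orders` table and `storeOrder()` helper are constructed for illustration, and the PDO SQLite driver is assumed to be available.

```php
<?php
// Added example: schema-validate an incoming XML message, then insert it with
// a prepared statement. Schema, element names and table are constructed.
const ORDER_XSD = <<<'XSD'
<?xml version="1.0"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:element name="order">
    <xs:complexType>
      <xs:sequence>
        <xs:element name="customer" type="xs:string"/>
        <xs:element name="quantity" type="xs:positiveInteger"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
</xs:schema>
XSD;

// Returns a list of validation errors; an empty list means the row was stored.
function storeOrder(PDO $db, string $xml): array
{
    libxml_use_internal_errors(true);   // collect errors instead of emitting warnings
    libxml_clear_errors();
    $doc = new DOMDocument();
    // LIBXML_NONET: no network fetches while parsing; LIBXML_NOENT is deliberately not set.
    if (!$doc->loadXML($xml, LIBXML_NONET) || !$doc->schemaValidateSource(ORDER_XSD)) {
        return array_map(fn($e) => trim($e->message), libxml_get_errors());
    }
    // Values are bound as parameters, never concatenated into the SQL text.
    $stmt = $db->prepare('INSERT INTO orders (customer, quantity) VALUES (?, ?)');
    $stmt->execute([
        $doc->getElementsByTagName('customer')->item(0)->textContent,
        (int) $doc->getElementsByTagName('quantity')->item(0)->textContent,
    ]);
    return [];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (customer TEXT NOT NULL, quantity INTEGER NOT NULL)');

// Constructed sample messages: one complete, one missing <quantity>.
$good = '<order><customer>O\'Brien</customer><quantity>3</quantity></order>';
$bad  = '<order><customer>Smith</customer></order>';
foreach ([$good, $bad] as $xml) {
    $errors = storeOrder($db, $xml);
    echo $errors ? 'rejected: ' . implode('; ', $errors) . "\n" : "stored\n";
}
```

The missing field is reported by the schema check before any query runs, and the `NOT NULL` columns remain as a second line of defense in the database.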


