always do serverside - that's the only secure option -
use clientside (in addition) as a favour to the user to avoid repeated
page requests to fill the form in correctly. (or in order to rearrange
data before submitting to server)
Matthew Oatham wrote:
Yes I agree I need some validation, dunno w
Matthew Oatham wrote:
Hi,
only use double quotes (") if you want to have variables interpolated e.g.
$myVal = 'its amazing';
$x = "wow $myVal";
think about the way you lay out your code - it helps when you
come back to it 12 months later ;-)
sanitize all incoming variables (POST/GET/COOKIE) by
* Thus wrote Matthew Oatham ([EMAIL PROTECTED]):
> Hi,
>
> I am a newbie PHP programmer, I have some code that works but I want some tips on
> how I can improve my code, i.e. should I be doing my updates / deletes on same php
> page as the display page, am I using transactions correctly, am I cap
Oatham" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Monday, April 05, 2004 11:56 PM
Subject: Re: [PHP] Code Review PLEASE !!!
Well, first of all, you are going to want better form input validation.
For Example:
foreach ($_POST['fleet_id'] as $key => $value) {
On Monday 05 April 2004 04:00 pm, Matthew Oatham wrote:
> I don't think the fleet_id example will be a problem
> though as this is retrieved from the database where the field is an int.
google for "SQL injection" and you will see why what you currently have may
cause you some problems.
On Monday 05 April 2004 04:00 pm, Matthew Oatham wrote:
> Yes I agree I need some validation, dunno whether to do server or client
> side validation.
*both* :)
you should always do server side validation on any data, especially if you are
going to be putting it into your database. Client si
"Jordan S. Jones" <[EMAIL PROTECTED]>
To: "Matthew Oatham" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Monday, April 05, 2004 11:56 PM
Subject: Re: [PHP] Code Review PLEASE !!!
> Well, first of all, you are going to want better form input validation.
> For
Well, first of all, you are going to want better form input validation.
For Example:
foreach ($_POST['fleet_id'] as $key => $value) {
$fleetCode = $_POST['fleet_code'][$key];
$historyUrl = $_POST['history_url'][$key];
$downloadUrl = $_POST['download_url'][$key];
mysql_query("UPDATE imp_
> I am a newbie PHP programmer, I have some code that works but I want some
> tips on how I can improve my code, i.e. should I be doing my updates /
> include ("../db.php");
Some things I do is use single quotes include '../db.php' ;
(they are slightly faster, no replacements looking fo
Hi,
I am a newbie PHP programmer, I have some code that works but I want some tips on how
I can improve my code, i.e. should I be doing my updates / deletes on same php page as
the display page, am I using transactions correctly, am I capturing SQL errors
correctly am I handling form data as eff