[nycphp-talk] Form field length vs. Database field length
Scott Mattocks
crisscott at netzero.com
Mon Dec 22 13:29:35 EST 2003
Hello,
We are having some trouble with submitting user data into the database.
We have a database with a set field length and we want to be able to
store user information such as name and address. We have checks in
place to prevent users from submitting a 50 character string when the
db only accepts 30, but we run into problems when they submit special
characters. We want to avoid XSS so we call htmlspecialchars() on any
data before we insert it into the database. But if the field takes 10
characters and a user submits 'Scott & Ed' their info won't get put
into the db because the string gets turned into 'Scott &amp; Ed' which
is too long.
Chopping off the characters after the limit will leave you with some
strange results, not to mention the wrong data. We could extend all of
the field lengths, but this seems like a waste of space and poor practice.
Adding 4 chars of space is no big deal but what if the user entered 10
&'s? Then we have to make the field 5 times as big as we are going to
need for 99.9% of the data. Asking the user to change the input data
won't work because as far as they know, 'Scott & Ed' fits within the
length requirements for that field.
Does anyone have any tips or tricks for this type of problem?
Thanks in advance,
Scott Mattocks
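An added example (not from the original post) showing the usual way out of this: check the length of the raw input against the column limit, store the raw value with a prepared statement, and call htmlspecialchars() only when the value is rendered into HTML. The table name `people`, the column `name` and the 10-character limit are assumptions for the example.

```php
<?php
// Added example, not code from the original post. Keeps the database
// holding the raw user input and escapes for HTML only on output, so the
// column length check applies to what the user actually typed.
declare(strict_types=1);

const NAME_MAX = 10; // assumed column length for the example

// Validate the raw input against the column limit. mb_strlen counts
// characters the way the user does, not bytes.
function validateName(string $raw): ?string
{
    $raw = trim($raw);
    if ($raw === '' || mb_strlen($raw, 'UTF-8') > NAME_MAX) {
        return null;
    }
    return $raw;
}

// Store the raw value through a prepared statement; the driver handles
// quoting, so no HTML escaping belongs at this layer.
function storeName(PDO $db, string $raw): void
{
    $stmt = $db->prepare('INSERT INTO people (name) VALUES (:name)');
    $stmt->execute([':name' => $raw]);
}

// Escape at output time for the context the value is emitted into (HTML).
function renderName(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$input = 'Scott & Ed'; // 10 characters of raw input, fits the column

// Show why escaping before the length check fails: '&' becomes '&amp;'.
$encoded = htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
printf("raw: %d chars, html-encoded: %d chars\n",
    mb_strlen($input, 'UTF-8'), strlen($encoded));

// In-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE people (name VARCHAR(' . NAME_MAX . ') NOT NULL)');

if (($name = validateName($input)) !== null) {
    storeName($db, $name);
}

foreach ($db->query('SELECT name FROM people') as $row) {
    echo '<td>' . renderName($row['name']) . "</td>\n";
}
```

Because the stored value is the raw string, the same row can later be escaped differently for a JSON API, an email or a CSV export without any re-decoding.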