[nycphp-talk] Form field length vs. Database field length
Daniel Convissor
danielc at analysisandsolutions.com
Tue Dec 23 15:35:13 EST 2003
On Mon, Dec 22, 2003 at 02:33:43PM -0500, Scott Mattocks wrote:
> >That is to say, only call htmlspecialchars() when you're about to display
> >the data, rather than before storing it.
>
> That is probably what we will end up doing, but I don't like it. I
> would rather only mess with the data when it is submitted but it doesn't
> seem like that is going to be possible.
And what if some charming individual on staff (or whatever) that has
direct access to the database decides to (maliciously?) update data
directly?
In short, data needs to be cleaned up before being displayed.
--Dan
--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409
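The point Dan makes above, shown as a small added PHP example (not code from the original thread or from either poster): raw text is stored as-is and every value is passed through htmlspecialchars() only at the moment it is written into the page, so a row changed directly in the database, bypassing the web form entirely, is rendered just as safely as one that arrived through the form. The helper names h() and renderUsers() and the sample rows are assumptions constructed for the example; in real code the rows would come from a query result.

```php
<?php
// Added example: escape on output, not on input. The rows below are
// constructed stand-ins for what a database query would return.

declare(strict_types=1);

/** Escape a string for use in HTML text or a double-quoted attribute. */
function h(string $value): string
{
    // ENT_QUOTES escapes both ' and ", so the result is safe inside attributes
    // as well as element text; ENT_SUBSTITUTE keeps invalid UTF-8 from
    // silently producing an empty string; the charset is stated explicitly.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build a table of rows; every dynamic value goes through h() right here. */
function renderUsers(array $rows): string
{
    $out = "<table>\n";
    foreach ($rows as $row) {
        $out .= '<tr><td>' . h($row['name']) . '</td>'
              . '<td>' . h($row['bio']) . "</td></tr>\n";
    }
    return $out . "</table>\n";
}

// Constructed rows (assumption): the first looks like ordinary form input,
// the second is the kind of value a direct UPDATE on the table could leave
// behind, having never passed through any form-submission cleanup.
$rows = [
    ['name' => "O'Brien & Sons", 'bio' => 'Plumbing since 1975'],
    ['name' => 'Eve',            'bio' => '<b onmouseover="...">hover me</b>'],
];

// Both rows come out as literal text: "O&#039;Brien &amp; Sons" and
// "&lt;b onmouseover=&quot;...&quot;&gt;hover me&lt;/b&gt;".
echo renderUsers($rows);
```

The caveat that goes with this design is the one Scott was wrestling with: if the same data were also run through htmlspecialchars() on submission, the display-time call would double-encode it (an `&` stored as `&amp;` would render as `&amp;`), so the two approaches should not be mixed. Storing the raw text and escaping once, at output, keeps the rule simple and covers the direct-database-edit case.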