database programming
I recently finished adding a scouting database to our team's website. Please go do everything you can to break it, then tell me how you did it, so I can fix it. www.team96.org/scouting/
Re: database programming
well, you probably shouldn't allow people to put HTML in the description boxes... try looking at the page for team 1020 to see what I mean.
you should run the PHP function strip_tags() on all incoming input from textboxes. also, you might consider running nl2br() on it after strip_tags to make newlines display correctly in html.
Re: database programming
First of all, you are my new hero. That was cool.
Anyways, I fixed that. Of course, your team will probably need to enter new information now, since I dropped the other stuff. Thanks.
Re: database programming
One of my current projects (non-FIRST, so it's sorta on hold) is designing an e-commerce site for shareware/independent commercial software, and you wouldn't believe how much validation form submissions go through. Suffice to say that just about any input is limited to only the exact characters you would need for a response to that. For instance, an email field is only allowed the characters "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ@-_.0123456789", because those are the only characters one would need for an email address.
But the one thing you never want to let people do is submit HTML tags in any form that is going to be displayed back to the user.
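
The two suggestions in this thread, strip_tags() followed by nl2br() for description boxes and a per-field character allowlist, combined in one sketch. This is an added example, not code from any poster or from the team96.org site; the function names and sample inputs are constructed, and the htmlspecialchars() step is an extra output-encoding layer that the thread does not mention.

```php
<?php
// Added illustration; function names and sample inputs are constructed.

// The characters the last post lists as allowed in an email field.
const EMAIL_ALLOWED =
    'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ@-_.0123456789';

/** True only if $value is non-empty and every character is in $allowed. */
function only_allowed_chars(string $value, string $allowed): bool
{
    // strspn() gives the length of the leading run of allowed characters,
    // so the value passes only when that run covers the whole string.
    return $value !== '' && strspn($value, $allowed) === strlen($value);
}

/** Prepare a free-text description for display inside an HTML page. */
function render_description(string $raw): string
{
    // 1. Drop markup, as suggested in the thread.
    $text = strip_tags($raw);
    // 2. Assumption beyond the thread: encode what is left (&, quotes, stray
    //    angle brackets) so it is inert in the page.
    $text = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    // 3. Convert newlines last, so the <br /> tags added here are the only
    //    markup in the result.
    return nl2br($text);
}

// Constructed sample submissions for a description box.
$descriptions = [
    "Strong autonomous mode.\nReliable drive train.",
    "<h1>Huge heading</h1><marquee>scrolling</marquee> plain text",
    "Arm & gripper rated \"fast\" by the drivers",
];
foreach ($descriptions as $d) {
    echo render_description($d), "\n---\n";
}

// Constructed sample values for an email field.
foreach (['scout@example.org', 'scout@example.org<b>'] as $email) {
    echo $email, ' => ',
        only_allowed_chars($email, EMAIL_ALLOWED) ? 'accepted' : 'rejected', "\n";
}
```

Cleaning when the text is displayed, in addition to when it is stored, also covers rows that were saved before the filter existed.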