Andrew P Holden wrote: don't you need to validate on the server if you want to avoid an attack?
Yes, to prevent injection attacks.
Andrew P Holden wrote: What is to stop someone from writing a script to send whatever they want to your server
Good point. Validation should be done on both ends.
"I guess it's what separates the professionals from the drag and drop, girly wirly, namby pamby, wishy washy, can't code for crap types." - Pete O'Hanlon
|
Almost there.
Try verifying at the client - the input is of the right type - and then validating at the server. Validation is a business function and so belongs away from the user interface.
Panic, Chaos, Destruction.
My work here is done.
|
williamnw wrote: Validation is a business function
Yes.
|
Actually, this is a great example of why you need to place "php_value error_reporting 0" on your production sites even if you are completely sure that your last code is right.
By the way, if you are interested, this site is built on Drupal CMS.
(those ugly errors were my fault, Drupal is not guilty)
|
I would think so
|
neochief wrote: Drupal is not guilty
Is that like saying Rupaul is not guilty? -- LOL
Silence is the voice of complicity.
Strange women lying in ponds distributing swords is no basis for a system of government. -- monty python
Might I suggest that the universe was always the size of the cosmos. It is just that at one point the cosmos was the size of a marble. -- Colin Angus Mackay
|
It should be done both browser side and server side... Browser to reduce load on the server, and server to prevent security and other issues.
|
I don't see the problem. I think it is great. Every error message should be so detailed and specific. It lets you know exactly what went wrong. I think this should be a WWW standard.
And while we are at it, let's replace all those ambiguous 'dings' that Windows plays when you hit an invalid or inactive button with full-screen error dialogues.
Just imagine if this sort of detail came up every time someone entered his/her PIN incorrectly at an ATM or POS: I bet they'd be much more careful about hitting the right keys the next time (especially if the POS device made you scroll through the error message line-by-line - and if you didn't, it would issue another error message!).
Verbosity! That's the way to make all those lazy sods pay more attention to what they are doing!
Clive Pottinger
Victoria, BC
|
One of our former staff wrote this professional IF clause in VB.NET(Hell language)
IF TextBox1.Text=1 or 2 or 3 THEN
    ' Go to hell
END IF
I tried to write code like this, but couldn't. Can you help me write it?
|
well it could be worse.. i mean he could have written
IF TextBox1=1 or 2 or 3 THEN
    TextBox2 = TextBox1 * 10
    ' more ugly code here...
END IF
i don't know if this works with vb.net as well but in vb6 it definitely did
|
It's not uncommon at all to see coders express their frustrations in the code they write. For an entertaining afternoon of reading, go to http://www.google.com/codesearch and enter the profanity of your choice. You'd be amazed what people say.
|
You have just supplied me with an infinitely amusing resource. thank you.
(the sad part is that I probably find it so amusing because I do the same thing in all of my code)
www.socoder.net
|
JohnnyLocust wrote: http://www.google.com/codesearch
Very interesting. Put in my name and found an old Java program I wrote back in college.
|
Buttmunch
|
is your former staff in hell now ?
LOL
|
I saw her with her husband. I think she is in hell now.
YES! She is a woman!
|
Did you sack her for?
If the Lord God Almighty had consulted me before embarking upon the Creation, I would have recommended something simpler.
-- Alfonso the Wise, 13th Century King of Castile.
[my articles]
|
No, we deported her and her friend because they weren't skilled and they made lots of such mistakes (I remember their nightmare creatures).
For example she named a function to something like this "girgo".
Because of this naming, my friends named her "girgo".
Now the corporation focused on C#
|
SalarSoft wrote: IF TextBox1.Text=1 or 2 or 3 THEN
Being VB illiterate...
This does work as I fear it does?
It sets the TextBox1.text to be "1" and then branches into the THEN, because 2 is equal to TRUE?
Let's think the unthinkable, let's do the undoable, let's prepare to grapple with the ineffable itself, and see if we may not eff it after all. Douglas Adams, "Dirk Gently's Holistic Detective Agency"
|
jhwurmbach wrote: It sets the TextBox1.text to be "1"
Nope. Since it follows the IF statement, VB evaluates TextBox1.Text=1 as a conditional expression (I don't know if it results in a run-time error).
jhwurmbach wrote: and then branches into the THEN, because 2 is equal to TRUE?
Yes.
|
CPallini wrote: (I don't know if it results in a run-time error)
It shouldn't; nearly all flavors of VB automatically coerce numerics into strings.
Please don't bother me... I'm hacking right now. Don't look at me like that - doesn't anybody remember what "hacking" really means?
|
Robert Royall wrote: It shouldn't; nearly all flavors of VB automatically coerce numerics into strings.
I was quite confident about it too, but my VBA actually doesn't like the mix. Unfortunately I have no VB6 at hand.
|
Really? Works fine for me in Access 2003. It will throw an error if Textbox1 is empty, since you can't coerce a comparison with an empty string (or a null).
|
Robert Royall wrote: Really?
Yes.
Robert Royall wrote: Works fine for me in Access 2003.
I'm using Excel 2002. But I think that VBA version difference doesn't really matter in this case.
Robert Royall wrote: It will throw an error if Textbox1 is empty, since you can't coerce a comparison with an empty string (or a null).
IMHO it will NOT throw only if the Textbox1.Text value can be coerced to a number (i.e. Runtime Error if Textbox1.Text is equal to "foo").
|
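The evaluation debated in the replies above, as an added VB.NET example (not code from any poster): the posted condition parses as ((text = 1) Or 2) Or 3, so used as an input check it accepts every numeric string and throws on non-numeric text. It assumes Option Strict Off and a plain String in place of TextBox1.Text; the names AsPosted and Intended are hypothetical.

```vbnet
Option Strict Off   ' required: with Option Strict On the posted condition does not compile

Imports System

Module OrChainDemo
    ' The condition from the thread, with a String parameter standing in for TextBox1.Text.
    ' "=" binds tighter than "Or", so the Boolean result of (text = 1) is
    ' combined bitwise with the Integers 2 and 3; that result is never zero.
    Function AsPosted(text As String) As Boolean
        If text = 1 Or 2 Or 3 Then Return True
        Return False
    End Function

    ' Assumed intent: accept only the values 1, 2 or 3.
    ' Parse once, reject anything non-numeric, then compare each value explicitly.
    Function Intended(text As String) As Boolean
        Dim n As Integer
        If Not Integer.TryParse(text, n) Then Return False
        Return n = 1 OrElse n = 2 OrElse n = 3
    End Function

    Sub Main()
        ' Constructed sample inputs
        For Each sample As String In {"1", "2", "7", "-40", "foo"}
            Dim posted As String
            Try
                posted = AsPosted(sample).ToString()
            Catch ex As InvalidCastException
                ' The String-to-number coercion fails before any Or is evaluated
                posted = "InvalidCastException"
            End Try
            Console.WriteLine("{0,-4} as posted: {1,-22} intended: {2}",
                              sample, posted, Intended(sample))
        Next
    End Sub
End Module
```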