Hi,

> > Is it bad to give field names the same name as their database
> > counterpart? i.e. In a database the first name column might be known as
> > 'fname'. Should a form field called 'fname' NOT be created?

I actually had the same question a little while ago and after doing some
reading it left me even more confused...

> As long as you recognize that you need to filter things appropriately it
> doesn't really matter.

Kind of came to that conclusion after a little while and started to use
the ADODB class to filter all user input that goes to the DB... I would
appreciate it if you tell me if you have used the class and if you have
any warnings/notes/suggestions about how even after using that class I
can screw up.

> If you have written something and you'd like me to take a quick look
> for any obvious exploits, feel free to mail me privately.  If your site
> requires a login, you can send me a test login if you want so I can dig
> a bit deeper, otherwise I will still prod it from the outside.  I'm not
> going to hack into your server in any way, just prod your web app

That is extremely generous of you as I didn't really think you would have
the time considering the amount of projects, books etc. you are involved
with (yep, I read your CV on your site :-D ), but I would like to take
you up on your offer as I am sure to learn something from it... only
problem is, the site I have just made is mostly in Swedish... I can give
you a "star account" (Star accounts are the paid accounts) for you to
login and test the site, but do you think you could still test it since
it's mostly in Swedish?

Thanks,
Ryan



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
