in reply to Input Filtering Requirements

The short answer is: "it depends."

What are your program requirements? Who is the customer and who is the expected user base?

As evil as I consider JavaScript, when I am doing CGI programming and have an input form that is going to be filled out by the general public I have a JavaScript validator check EVERYTHING on the form for validity. If the input field is a mandatory field then I make sure it is not only valid but I force the user to fill it out properly if it is wrong. If it is not a mandatory field then I blank it out if it is wrong and move on.

By using JavaScript I'm not "bothering" the hosting system with garbage and keeping data validation out on the user's browser.

There is a second level of data validation that occurs that is best kept on the hosting machine. This has to do with business logic and, for lack of a better phrase, account information validation. For instance, for an E-Commerce type application I know that Joe Blow userid jblow123 does not have an account number with me 897654 so if he tries to claim that account is his I can rebuff him.

So, in my opinion the simple question you pose is not as simple as it seems and my short answer of "it depends" is a valid one.

Summing my answer up, I would say that you need to go back to the customer (or your boss or whoever you are writing this for) and negotiate exactly what the requirements are and from that determine what data is valid and what is not and what you even care to validate.


Peter @ Berghold . Net

Seize the cow! Bite the day!

Nobody expects the Perl inquisition!

Test the code? We don't need to test no stinkin' code!
All code posted here is as is where is unless otherwise stated.

Brewer of Belgian style Ales

Re: Re: Input Filtering Requirements
by Anonymous Monk on Aug 10, 2003 at 16:31 UTC
    By using JavaScript I'm not "bothering" the hosting system with garbage and keeping data validation out on the user's browser.

    I sure hope you're validating that data again on the server side. Depending on the client to validate the data it's sending is a recipe for disaster.

          I sure hope you're validating that data again on the server side.

    Don't worry about that... I am sufficiently paranoid about my world to check things as many times as I have to in order to be comfortable. If there is a will there is a way...

    Besides.. I'm sure you have heard the saying: "As soon as you make something idiot proof they go and develop the next revision of idiot."


    Peter @ Berghold . Net

    Seize the cow! Bite the day!

    Nobody expects the Perl inquisition!

    Test the code? We don't need to test no stinkin' code!
    All code posted here is as is where is unless otherwise stated.

    Brewer of Belgian style Ales
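
The two server-side levels discussed in this thread, as an added Perl example that is not code from any poster: fields are re-checked on the server whatever the browser-side validator did, then the account claim is checked against business data. The field names, the patterns and the `%ACCOUNTS_OF` table are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data: which account numbers belong to which userid.
my %ACCOUNTS_OF = ( jblow123 => ['112233'] );

# Allow-list patterns (assumed formats). Mandatory fields reject the request
# when invalid; optional fields are blanked, as in the policy described above.
my %FIELDS = (
    userid  => { re => qr/\A[a-z][a-z0-9]{2,15}\z/, mandatory => 1 },
    account => { re => qr/\A[0-9]{6}\z/,            mandatory => 1 },
    phone   => { re => qr/\A[0-9 +()-]{7,20}\z/,    mandatory => 0 },
);

# Returns (\%clean, \@errors). Runs on the server regardless of any
# browser-side check, since a request need not come from the form at all.
sub validate_submission {
    my ($in) = @_;
    my (%clean, @errors);
    for my $name (sort keys %FIELDS) {
        my $spec  = $FIELDS{$name};
        my $value = $in->{$name};
        $value = '' unless defined $value;
        if ($value =~ $spec->{re}) {
            $clean{$name} = $value;
        }
        elsif ($spec->{mandatory}) {
            push @errors, "invalid or missing $name";
        }
        else {
            $clean{$name} = '';    # optional and wrong: blank it, move on
        }
    }
    # Second level: business logic. Does this account belong to this user?
    if (!@errors) {
        my $owned = $ACCOUNTS_OF{ $clean{userid} } || [];
        push @errors, 'account does not belong to user'
            unless grep { $_ eq $clean{account} } @$owned;
    }
    return (\%clean, \@errors);
}

# Constructed request: well-formed mandatory fields, a bad optional field,
# and the thread's example of jblow123 claiming account 897654.
my ($clean, $errors) = validate_submission(
    { userid => 'jblow123', account => '897654', phone => '<script>' });
print @$errors ? "rejected: @$errors\n" : "accepted\n";
```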