[GLLUG] Programming Project

Lachniet, Mark mlachniet at analysts.com
Tue May 13 20:02:23 EDT 2008


Input validation good.  SQL injection bad (and easy!)  Read OWASP guides
with code examples (incl. PHP I think) at http://www.owasp.org

Mark 

-----Original Message-----
From: linux-user-bounces at egr.msu.edu
[mailto:linux-user-bounces at egr.msu.edu] On Behalf Of Charles Ulrich
Sent: Tuesday, May 13, 2008 6:02 PM
To: Steven Sayers
Cc: linux-user at egr.msu.edu
Subject: Re: [GLLUG] Programming Project

2008/5/12 Steven Sayers <sjsayers93 at gmail.com>:
> I know I've been told between mostly Marshall and Rick that I need to
> plan out a project at the very highest level first, then figure out
> how it works after stating what it does [in non-technical terms].
> After an extended period of programmer's block syndrome (P.B.S. for
> short) I've come up with an idea(r). In driver's training we will be
> keeping a log, I don't want an application as an alternative for that,
> since this log must be turned in to the State Department, but however I
> want to write an application for the similar recreational use. I'd
> like there to be many text-fields for items such as: the date,
> destination, how it went, interesting things that happened. In the
> future I'd like to possibly add the ability to add pictures to the
> specific driving event. Now I'll lightly reach the technical bits, but
> without covering much at all, trying to avoid the inadvertent mental
> pride beating I'll get if I'm wrong. It'd have a GUI and functions to
> write to file, read from file, and render the information in the actual
> GUI.

Sounds like a pretty good candidate for a web-based app. Is this a
project that you're doing on your own or are you looking for GLLUG
input/help?

While you definitely want to plan as much as possible for a production
application, there is also something to be said for developing "toy"
programs via the trial-and-error method. The end result may not have any
practical value, but you'll have learned a lot about the language and
its capabilities and limitations. As a casual programmer, my style is
somewhere in the middle. For my own personal projects, I get a rough
idea of what I want to do, throw together a prototype, and then flesh it
out into a more complete application.

While we're on the topic of programming, I have a general question for
any PHP coders out there... how do _you_ deal with input sanitation?
Is there a class or something that makes this straightforward or do you
really have to carefully scrutinize every variable and SQL query because
an automated process can never cover every contingency?

Charles
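
[Added example, not part of the original thread or written by any of its participants.] A sketch of the two layers discussed above for a PHP version of the driving-log idea: allow-list validation of each field, then a PDO prepared statement so user text never becomes SQL. The table name, field names, limits and sample input are assumptions made for illustration, and the pdo_sqlite extension is assumed to be available.

```php
<?php
declare(strict_types=1);

// Validate by shape: accept only what the field is supposed to contain.
// (Hypothetical field names and length limits.)
function validateEntry(array $in): array
{
    $raw  = (string)($in['date'] ?? '');
    $date = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    // Round-trip check rejects overflowed dates such as 2008-02-31.
    if ($date === false || $date->format('Y-m-d') !== $raw) {
        throw new InvalidArgumentException('date must be a real YYYY-MM-DD date');
    }
    $dest = trim((string)($in['destination'] ?? ''));
    if ($dest === '' || strlen($dest) > 100) {
        throw new InvalidArgumentException('destination must be 1-100 bytes');
    }
    $notes = (string)($in['notes'] ?? '');
    if (strlen($notes) > 2000) {
        throw new InvalidArgumentException('notes too long');
    }
    return ['date' => $raw, 'destination' => $dest, 'notes' => $notes];
}

// Bound parameters keep data separate from the SQL text, so quotes in
// free-text fields are stored as data instead of being parsed as SQL.
function saveEntry(PDO $db, array $e): void
{
    $stmt = $db->prepare(
        'INSERT INTO drive_log (drive_date, destination, notes) VALUES (:d, :dest, :notes)'
    );
    $stmt->execute([':d' => $e['date'], ':dest' => $e['destination'], ':notes' => $e['notes']]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE drive_log (drive_date TEXT, destination TEXT, notes TEXT)');

// Constructed sample input: free text containing SQL and HTML metacharacters.
$post = ['date' => '2008-05-13',
         'destination' => "Lansing'; DROP TABLE drive_log; --",
         'notes' => '<b>rained</b>'];
saveEntry($db, validateEntry($post));

// Escape on output: HTML encoding is a separate concern from SQL safety.
foreach ($db->query('SELECT destination, notes FROM drive_log') as $row) {
    echo htmlspecialchars($row['destination'], ENT_QUOTES, 'UTF-8'), ' | ',
         htmlspecialchars($row['notes'], ENT_QUOTES, 'UTF-8'), "\n";
}
try {
    validateEntry(['date' => '2008-02-31', 'destination' => 'Okemos']);
} catch (InvalidArgumentException $ex) {
    echo 'rejected: ', $ex->getMessage(), "\n";
}
```

Validation here constrains each field to its expected shape, while the prepared statement is what prevents injection; neither replaces the other.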