[GLLUG] Programming Project

Richard Houser rick at divinesymphony.net
Tue May 13 23:42:37 EDT 2008



| Sounds like a pretty good candidate for a web-based app. Is this a
| project that you're doing on your own or are you looking for GLLUG
| input/help?

In fact, that sounds like: "I want to write a simple blog program".

| While you definitely want to plan as much as possible for a production
| application, there is also something to be said for developing "toy"
| programs via the trial-and-error method. The end result may not have
| any practical value, but you'll have learned a lot about the language
| and its capabilities and limitations. As a casual programmer, my
| style is somewhere in the middle. For my own personal projects, I get
| a rough idea of what I want to do, throw together a prototype, and
| then flesh it out into a more complete application.

I completely agree, but even as a toy application, you should be able to
state a goal of what you want your program to do.  In a toy application,
that goal might just be "use technology X and Y together to do something
loosely related to Z".  That's all well and good... if that can be
spelled out.

We'll be going into some of this stuff in an interactive fashion at the
next introduction to programming session at a GLLUG meeting shortly
after the BBQ.  I'll get it on the calendar sometime soon.

| While we're on the topic of programming, I have a general question for
| any PHP coders out there... how do _you_ deal with input sanitation?
| Is there a class or something that makes this straightforward or do
| you really have to carefully scrutinize every variable and SQL query
| because an automated process can never cover every contingency?

It's been a long time since I dealt with PHP, and I didn't do anything
really in-depth, but there were helper encode and decode functions to
sanitize for XHTML display, RDBMS use, etc.  You should be sanitizing
against anything you use the data for.  If you place user-submitted data
in an SQL database and later display it on the web, pump that through
both sets of functions.  Other languages have similar features for
preventing SQL injection, just developers tend to be particularly
lazy/careless about that sort of thing.

| Charles

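The point Rick makes above about sanitizing for each thing the data is used for, written out as an added PHP example (this is not code from the thread; it assumes PHP with the pdo_sqlite extension and uses a constructed input value):

```php
<?php
// Added example (not from the thread). The same user-submitted value passes
// through two contexts: the SQL statement that stores it and the HTML page
// that later displays it. Each context gets its own protection.
declare(strict_types=1);

// In-memory SQLite stands in for the blog's RDBMS so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT NOT NULL)');

// Constructed input resembling a blog form field: it carries a quote (a
// problem if pasted into SQL text) and a tag (a problem if echoed into HTML).
$title = "Rick's post <script>alert(1)</script>";

// SQL context: a prepared statement sends the value separately from the query
// text, so the quote is never interpreted as SQL and no escaping can be
// forgotten. This replaces the per-RDBMS escape helpers older code relied on.
$insert = $db->prepare('INSERT INTO posts (title) VALUES (:title)');
$insert->execute([':title' => $title]);

// The value is stored exactly as submitted. Do not "pre-encode" it for HTML
// here: the database does not know where the value will be shown later.
$row = $db->query('SELECT id, title FROM posts WHERE id = 1')
          ->fetch(PDO::FETCH_ASSOC);

// HTML context: encode at output time, for the document the value is going
// into. ENT_QUOTES covers both quote styles, so the result is also safe
// inside a quoted attribute value.
function render_title(string $title): string
{
    $safe = htmlspecialchars($title, ENT_QUOTES, 'UTF-8');
    return '<h1>' . $safe . '</h1>';
}

// The tag in the stored title comes out as visible text, not as markup.
echo render_title($row['title']), PHP_EOL;
```

Encoding for one context does not cover the other: a value escaped only for SQL still contains a live `<script>` tag when echoed, and a value HTML-encoded before storage is both wrong for non-HTML consumers and still unsafe to interpolate into a query.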

