[ZendTo] Re: Duplicated insert

Jules Jules at ZendTo.com
Thu Aug 12 00:05:45 BST 2010



On 11/08/2010 23:15, Sergio Rabellino wrote:
>
>
> Jules wrote:
>> On 09/08/2010 12:48, Sergio Rabellino wrote:
>>    
>>> In my code checks I've found that the auth code is inserted twice and
>>> only the latest is used.
>>> I suggest removing the lines from 163 to 168 in lib/Verify.php.
>>>      
>> Where is the other instance?
>>    
> It's in Verify.php too, line 219, but in another func.
It's not quite as simple as that, as in the sub initWithFormData called 
from "new Verify()" it is needed when approving an authenticated user 
who doesn't get sent the email. So if anything, it should be removed 
from the code that sends the email $verify->sendVeryifyEmail() and not 
from initWithFormData().
Do you agree?
I'm going to leave it alone for now as it doesn't actually cause any 
damage at all, but I would like to hear your thoughts on the question.
>
>>> A question: is there any reason for the removal of any international
>>> chars from name and organization?
>>>      
>> Me being paranoid about people putting nasty characters into databases
>> and HTML.
>>    
>>> I've adapted my code to write down utf8 strings into mysqldb
>>>      
>> How do I do that?
>>    
> First of all the tables must be created/altered to support utf8 chars: 
> I did an alter from phpmyadmin setting the collation to 
> utf8-general-ci (case insensitive). Then creating the connection to 
> the db, the first sql statement is
>
> DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
>
> to be sure that client and server share the same charset. (If you are 
> paranoid, you can later check if it's true, asking through PHP for the 
> current charset/collation).
> Then the code must be changed, encoding/decoding the strings from/to 
> web forms, also removing the regex check for user typing.
> If all of this convinces you, I can send all the changes (8/10 lines 
> somewhere).
> As far as I know, utf8 is backward compatible with ascii chars, so no 
> dual code is required, and today asking for a utf8 mysql table is a 
> must for many (L)AMP apps.
I'm not wholly convinced, but send me the code anyway, so I can put it 
in (possibly commented-out for now).

>>> and I do not see any evidence of a problem with it: am I wrong?
>>>      
>> I just want to be absolutely doubly sure that people cannot put evil
>> text in it, which is very easy to allow by mistake.
>>
>>    
> I understand, but in the Italian language (and in many other languages) 
> the 'special' chars are often used: university -> università ....
Ah, that does explain a good use for it, which definitely helps convince 
me :-)

>> Jules
>>
>>    
> I hope my written English is good enough to be understood.
No problem there!

Cheers,

Jules

-- 
Julian Field MEng CITP CEng
www.ZendTo.com

Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM
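
The trade-off discussed in this thread (keeping international characters in the name and organization fields without letting "nasty characters" reach the database or HTML) can be handled with a Unicode-aware allow-list plus output encoding; the sketch below is an added example, not part of the original message and not ZendTo code. The function names and sample inputs are hypothetical, and it assumes PHP with the mbstring extension.

```php
<?php
// Added illustration, not ZendTo code. Function names and sample inputs are
// hypothetical/constructed. Assumes the mbstring extension is loaded.

/**
 * Accept a name/organization value only if it is well-formed UTF-8 made of
 * letters, combining marks, digits, spaces and a little punctuation.
 * Returns the trimmed value, or null when the input is rejected.
 */
function validatePersonField(string $raw, int $maxChars = 100): ?string
{
    // Malformed byte sequences are rejected before anything else looks at them.
    if (!mb_check_encoding($raw, 'UTF-8')) {
        return null;
    }
    $value = trim($raw);
    $len = mb_strlen($value, 'UTF-8');
    if ($len === 0 || $len > $maxChars) {
        return null;
    }
    // \p{L} letters, \p{M} combining marks, \p{N} numbers; /u = UTF-8 mode.
    // No control characters, angle brackets, double quotes or backslashes.
    if (preg_match('/\A[\p{L}\p{M}\p{N} .,\'&()\-]+\z/u', $value) !== 1) {
        return null;
    }
    return $value;
}

/** Encode for an HTML context; still needed, since "&" and "'" are allowed. */
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs.
$samples = [
    'accented'     => "Università di Torino",
    'ampersand'    => "Smith & Sons",
    'markup'       => "<b>bold</b>",
    'malformed'    => "Bad\xC3\x28bytes",   // invalid UTF-8 sequence
    'control char' => "Name\x00hidden",
];
foreach ($samples as $label => $raw) {
    $clean = validatePersonField($raw);
    printf("%-13s %s\n", $label, $clean === null ? 'REJECTED' : escapeHtml($clean));
}
```

Validation of this kind complements, rather than replaces, bound parameters on the database side and encoding at output time. MySQL's `utf8` character set stores at most three bytes per character, so a check like this can accept characters that such a table cannot store unless it uses `utf8mb4`.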
