Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:95087
Return-Path: <lester@lsces.co.uk>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 39962 invoked from network); 12 Aug 2016 11:01:31 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 12 Aug 2016 11:01:31 -0000
Authentication-Results: pb1.pair.com smtp.mail=lester@lsces.co.uk; spf=permerror; sender-id=unknown
Authentication-Results: pb1.pair.com header.from=lester@lsces.co.uk; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain lsces.co.uk from 217.147.176.230 cause and error)
X-PHP-List-Original-Sender: lester@lsces.co.uk
X-Host-Fingerprint: 217.147.176.230 mail4-3.serversure.net Linux 2.6
Received: from [217.147.176.230] ([217.147.176.230:52678] helo=mail4.serversure.net)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 34/AE-56950-98CADA75 for <internals@lists.php.net>; Fri, 12 Aug 2016 07:01:30 -0400
Received: (qmail 7860 invoked by uid 89); 12 Aug 2016 11:01:21 -0000
Received: by simscan 1.3.1 ppid: 7844, pid: 7854, t: 0.1846s
         scanners: attach: 1.3.1 clamav: 0.96/m:52/d:10677
Received: from unknown (HELO ?10.0.0.7?) (lester@rainbowdigitalmedia.org.uk@81.138.11.136)
  by mail4.serversure.net with ESMTPA; 12 Aug 2016 11:01:21 -0000
To: internals@lists.php.net
References: <10fbcb03-5de8-4d9a-da1c-7e2bf77937cb@lsces.co.uk>
 <CAGa2bXZQtWpLGz4btOZ_+hYZrbkOEbBg9V2MvTHRMC6J1qU4OQ@mail.gmail.com>
 <d988b027-d9b8-cf08-9a3f-c5ae37eaa60c@lsces.co.uk>
 <9f76a201-7423-51d3-96df-d14a1f38b843@gmail.com>
 <f357002a-f138-4e65-f3a9-2c709a32ac92@lsces.co.uk>
 <7b2581b5-c75d-cc72-745f-a58cded6dfd9@gmail.com>
 <CAEU6NActcL4vN-YMT=ggrN2jtciRKg89w6OGRxuw7gbZ++0qmw@mail.gmail.com>
Message-ID: <62f3799e-6df8-fe46-40f7-86c99e80992c@lsces.co.uk>
Date: Fri, 12 Aug 2016 12:01:19 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
 Thunderbird/45.2
MIME-Version: 1.0
In-Reply-To: <CAEU6NActcL4vN-YMT=ggrN2jtciRKg89w6OGRxuw7gbZ++0qmw@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Subject: Re: [PHP-DEV] Simple variable handling.
From: lester@lsces.co.uk (Lester Caine)

On 12/08/16 11:01, Peter Lind wrote:
> On 12 August 2016 at 11:54, Rowan Collins <rowan.collins@gmail.com> wrote:
> 
>> On 12/08/2016 10:21, Lester Caine wrote:
>>
>>> Many of my systems run on secure intra-nets and much of the 'safety
>>> concerns' that have been brought up recently as 'essential' simply don't
>>> apply.
>>
>> There's always rogue employees / students / visitors with temporary
>> access... But yes, IF you trust your users 100% to be non-malicious,
>> non-curious, and uninfected, THEN you can trust your user input. :)
>>
> You forgot non-clumsy. Typos also happen and can have problematic results.
> 
> You cannot trust user input. End of discussion.

That someone puts in Joens rather than Jones is a fact of life, and will
result in records that can't be matched. But a UK formatted date
validated in the browser makes checking it's in a valid range easier in
the PHP end. It's simply a matter of just what you can test and where,
and if needs be the system keeps track of who is making mistakes in data
entry and their supervisor deals with them. THAT is a report my CMS
systems have had from day one :) But if they have stolen someone else’s
access card then all bets are off. But there is no 'delete' function on
the data so all changes are recorded.

-- 
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk