MySQL Forums

Re: Unique Constraint Using My Own Definition of "Equals"
Posted by: B C
Date: March 08, 2009 01:18AM

Thanks for the extra note, but all my inputs already get routed through mysql_real_escape_string. I consider that to be a "normal" part of constructing a query.

What I'm worried about is myself or a future developer expanding the project (several months or years later) and forgetting to filter out space characters/capitalization before inserting data, since that's not something you typically do to form input. Not to mention I'm a bit of a high-level design enthusiast, and application-enforced constraints are typically considered poor design. Hopefully MySQL will help me out with this in a future version.

I am taking for granted that anyone selected to work on this project will already know how to handle SQL injection attacks ... If they don't, I'll have a lot more to worry about than data inconsistencies, as this project contains some sensitive information. Then again, maybe that's expecting too much, since the guy that came before me was using client-side redirects ONLY to send users away from pages they didn't have permission to access. Oh yeah, no mysql_real_escape_string/addslashes either. -_-

Thanks again for your help.

- Bill
