Re: SQL failures, new navigation system and other things
From: Ondrej J. <ne...@po...> - 2002-08-28 23:13:43
Maxim, 00:39:03
29 August 2002 (Thursday)
Greetings.
> 2) We're returning something from the database. If it comes from the
> stations and countries databases, then we don't need to
> stripslashes(). The data in those databases comes from
> stations.csv and should be safe.
I was not doing anything with data retrieved from the database. It is
always safe, IMHO.
> If the data comes from the METARs database, then we have to
> stripslashes() because slashes might have been added when the
> data was inserted.
I misunderstand this, but my ideas are based on the following fact:
every string that will be inserted into the database should be addslashed before
the insert, because it could contain quoting character(s). Then the query will
succeed and the string will not contain the slashes which were added by the
addslashes() call.
If a string is "safe" and it is not possible that it will contain
quoting characters, a backslash or the nul (\0) character, then it could be
addslashed too. It will remain unchanged.
So, conclusion: addslashes on strings inserted into the DB is *always*
a good idea. A problem may occur only if a string is addslashed twice or more
times.
> >> Apart from that, I'll probably commit them tomorrow (or to be
> >> correct: later today, it's getting late... :-) I'm sure that I can
> >> patch the null and dba database backends to handle the lookup for
> >> country code.
> I've just committed the patches along with updated pw_db_null and
> pw_db_dba classes. I've tested all four backends, but it would be nice
> to have someone double check it on another system.
I checked out a fresh copy of phpWeather, because there were a lot of
merging problems. I tried it for MySQL and PostgreSQL and it worked well. I
also tried this "new" version of phpWeather on my site and again without
problems (I only changed the get_country() call to get_country_code()).
> > Without the get_country() method in pw_db_dba.php it will not work.
> > That's a fact.
> Yes. I've renamed the method to get_country_code() because we now also
> have a get_name() and get_country() that returns the name of a station and
> the name of the country. Is this OK?
Yes, absolutely. I see that a number of queries were integrated into
one and the cached data is stored in $icao_data now.
=Nepto=
____________________________________________________________________________
Ondrej 'Nepto' Jombik, Open Source software developer, http://www.platon.sk/
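
The escaping behaviour discussed in this message, shown as an added example that is not part of the original e-mail or of phpWeather. It assumes a hypothetical helper, stored_value(), which is a simplified model of how a MySQL-style server decodes a single-quoted literal, and the sample strings are constructed.

```php
<?php
// Added example, not phpWeather code.
// stored_value() is a hypothetical, simplified model of a MySQL-style server
// decoding the body of a single-quoted literal: a backslash makes the next
// character literal, and \0 stands for the NUL byte.
function stored_value(string $literal): string
{
    $out = '';
    for ($i = 0, $n = strlen($literal); $i < $n; $i++) {
        if ($literal[$i] === '\\' && $i + 1 < $n) {
            $next = $literal[++$i];
            $out .= ($next === '0') ? "\0" : $next;
        } elseif ($literal[$i] === "'") {
            // An unescaped quote would terminate the literal and break the query.
            throw new RuntimeException('unescaped quote ends the literal early');
        } else {
            $out .= $literal[$i];
        }
    }
    return $out;
}

// Constructed sample values: a "safe" string, one with a quote, one with a backslash.
$samples = ["EKCH", "Saint John's", 'RMK A\\B'];

foreach ($samples as $s) {
    $once  = stored_value(addslashes($s));              // escaped exactly once
    $twice = stored_value(addslashes(addslashes($s)));  // escaped twice
    $read  = stripslashes($once);                       // stripslashes() on retrieval
    printf("%-14s once ok: %-5s  twice ok: %-5s  stripslashes on read ok: %s\n",
        $s,
        var_export($once === $s, true),
        var_export($twice === $s, true),
        var_export($read === $s, true));
}

// Without addslashes() the quote in the value ends the literal early.
try {
    stored_value("Saint John's");
} catch (RuntimeException $e) {
    echo "no addslashes:  ", $e->getMessage(), "\n";
}
```

In this model a single addslashes() call round-trips all three samples, a second call leaves extra backslashes in the stored value for the two strings with special characters, and stripslashes() on retrieval alters only the value that legitimately contains a backslash.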