Re: SQL failures, new navigation system and other things
Brought to you by:
iridium
Menu
▾
▴
Re: SQL failures, new navigation system and other things
|
From: Ondrej J. <ne...@po...> - 2002-08-30 23:57:20
|
Maxim, 01:28:09
31. august 2002 (sobota)
Greetings.
> > I will be for this. Ugly stripslashes() hack when using icao as
> > substitution for human readable station name could be than removed.
> Where is this code you're talking about? I'm afraid that you've got me
> confused. The only code that uses stripslashes() is the code in
> make_config.php.
I'm afraid, that we do not completely understand ourself, so I will
try to explain the issue. All I was talking about is related to line 78 in
data_retrieval.php file. It looks like the following one:
$new_icao = addslashes($new_icao);
Icao is stored in internal object structures addslashed. No matter
that it will probably never contain quoting or other problematic character.
In fact, when compiling query you don't need to call addslashes() on
$icao, because it is already addslashed. My suggestion was to store icao
as-is in data_retrieval class and call appropriate addslashes() on $icao
during query compiling.
Another issue is, that in old code lookup_icao() returns either
"Location, Country" or simply "$icao" when "Location, Country" was not found
for particular $icao in database. In that case, we need to do stripslashes()
on $icao, because it stored addslashed in internal data structures.
I hope, that now you understand what I was talking about. If not, no
matters. It is only precision issue, not real problem. Icao will probably
never contains any from problematic characters and if so, everything will
probably works well.
=Nepto=
____________________________________________________________________________
"Be conservative in what you do, be liberal in what you accept from others."
(RFC 793: Transmission control protocol; chapter 2.10. Robustness Principle)
|
