Using information_schema as a method of Form Validation??
Posted: Wed Apr 26, 2006 4:59 am
Hi all,
My first new topic, please don't bite...
I've done some fairly extensive searches, and can't seem to find anyone who suggests doing this, so I thought I'd sign up and ask for opinions.
I'm running PHP over Apache and MySQL, and I recently had an idea to use the information_schema in my form validation. Within the information_schema are stored all the details of the columns, lengths, data types etc., and so I decided to use it to (partially) validate user input from forms, for example,
all I've got to do is a:
```sql
-- Column metadata for one table; CHARACTER_MAXIMUM_LENGTH is the real column name
SELECT COLUMN_NAME, DATA_TYPE, CHARACTER_MAXIMUM_LENGTH, IS_NULLABLE
FROM information_schema.COLUMNS
WHERE TABLE_NAME='table_name' AND TABLE_SCHEMA='database_name';
```
and this gives me the information (example):
"Username", type varchar, length 30, not null
"Password", type varchar, length 32, not null
"Age", type int, length 3, not null
etc.
With this information, and suitable naming conventions on my forms, I can automatically validate a form containing these fields.
Obviously, all I'm validating here is that the data entered by the user will not cause errors at the database level - clearly, I'm not validating actual content - for instance, if a field needs to be within a certain range of values, this would require further, more specific validation.
All I'm doing here is asking for feedback - is this a good idea? Are there any security issues? Can you suggest better methods of achieving this? Do you use something similar?
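A sketch of the schema-driven check described in the post, added here as an example and not the poster's own code. The function names `fetchColumnRules` and `validateAgainstSchema` and the sample rows are hypothetical, and the mbstring extension is assumed to be loaded.

```php
<?php
// Bound parameters only. $schema and $table must be fixed server-side
// values, never names taken from the submitted form.
function fetchColumnRules(PDO $pdo, string $schema, string $table): array
{
    $stmt = $pdo->prepare(
        'SELECT COLUMN_NAME, DATA_TYPE, CHARACTER_MAXIMUM_LENGTH, IS_NULLABLE
           FROM information_schema.COLUMNS
          WHERE TABLE_SCHEMA = ? AND TABLE_NAME = ?'
    );
    $stmt->execute([$schema, $table]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Returns [field => error]. Fields the table does not have are rejected,
// so extra POST keys cannot ride along into a later INSERT or UPDATE.
function validateAgainstSchema(array $rules, array $input): array
{
    $errors = [];
    $known = array_column($rules, null, 'COLUMN_NAME');
    foreach (array_diff_key($input, $known) as $name => $_) {
        $errors[$name] = 'unknown field';
    }
    foreach ($known as $name => $col) {
        $value = $input[$name] ?? null;
        if ($value === null || $value === '') {
            if ($col['IS_NULLABLE'] === 'NO') $errors[$name] = 'required';
            continue;
        }
        // PHP turns "Username[]=x" into an array; refuse anything but a string.
        if (!is_string($value)) { $errors[$name] = 'not a string'; continue; }
        // Length is counted in characters and is NULL for numeric columns.
        $max = $col['CHARACTER_MAXIMUM_LENGTH'];
        if ($max !== null && mb_strlen($value, 'UTF-8') > (int)$max) {
            $errors[$name] = "longer than $max characters";
        } elseif ($col['DATA_TYPE'] === 'int' && filter_var($value, FILTER_VALIDATE_INT) === false) {
            $errors[$name] = 'not an integer';
        }
    }
    return $errors;
}

// Constructed rows, shaped like the query result for the post's example table.
$rules = [
    ['COLUMN_NAME' => 'Username', 'DATA_TYPE' => 'varchar', 'CHARACTER_MAXIMUM_LENGTH' => 30, 'IS_NULLABLE' => 'NO'],
    ['COLUMN_NAME' => 'Password', 'DATA_TYPE' => 'varchar', 'CHARACTER_MAXIMUM_LENGTH' => 32, 'IS_NULLABLE' => 'NO'],
    ['COLUMN_NAME' => 'Age', 'DATA_TYPE' => 'int', 'CHARACTER_MAXIMUM_LENGTH' => null, 'IS_NULLABLE' => 'NO'],
];
print_r(validateAgainstSchema($rules, ['Username' => str_repeat('a', 31), 'Age' => '12abc', 'is_admin' => '1']));
```

Passing this check only means the values fit the columns; the statement that writes them still needs bound parameters.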