- From: James Aylett <sja20@hermes.cam.ac.uk>
- Date: Tue, 12 Nov 1996 13:18:24 +0000 (GMT)
- To: Benjamin Franz <snowhare@netimages.com>
- cc: "Kevin 'Kev' Hughes" <kevinh@eit.com>, www-html@w3.org
On Tue, 12 Nov 1996, Benjamin Franz wrote:
> > Hence your CGI program must be able to cope with splitting and wrapping
> > itself. You simply can't make assumptions about how the data is presented
> > to you; you've simply *got* to check your input for validity before you do
> > anything with it.
>
> Sure you have to validity check your data. *But you have to do that
> *anyway*. No change in status. That is a null argument. 'You would have to
> do what you do anyway'. BUT - you have greatly improved the odds of the
> data *already* being valid when you recieve it and reduced the chance of
> the CGI doing something *unexpected to the user* due to invalid data.
That's only a partly fair point, as far as I'm concerned. If a CGI program
can't cope with something which 8% of the population might throw at it,
it's effectively useless - especially since dealing with a single unsplit
line is so trivial. At this level of validation it is perfectly possible
to write a parser which will never do anything unexpected, unless you
start doing horrible things with the semantics of the data (in which case
there are better ways of approaching things).
James
--
/-----------------------------------------------------------------------------\
James Aylett - Crystal Services (crystal.clare.cam.ac.uk): BBS, Ftp and Web
Clare College, Cambridge, CB2 1TL -- sja20@cam.ac.uk -- (0976) 212023
Received on Tuesday, 12 November 1996 08:19:03 UTC