-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Brion Vibber asks:
> If something like this is necessary at all, why bother with a member variable? The function should simply be overridden appropriately.
A member variable avoids putting in any ugly "if db == postgres" lines, and allows easy future handling of other date issues. I'm not sure what function you are saying should be overridden?
> This looks like it may be unsafe; the code here is pretty hairy and I didn't see any _other_ validation of input.
> - Confirm you didn't introduce an SQL injection attack vector on PG
>   systems.
Excellent point, I'll fix that up.
> - Consider simply fixing the code to properly validate input and
>   produce portable output, the way it's supposed to.
>
> There should be no need to check or care what internal format the database uses when dealing with form parameters.
Not clear what you mean here. Since the internal format determines the range of valid form input, the only other way to do it is to convert the timestamp to epoch, output that, and then make sure we convert it back after the validation but before it is passed to any queries (or make alternative queries).
- --
Greg Sabino Mullane greg@turnstep.com
PGP Key: 0x14964AC8 200611290849
http://biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8
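
The approach discussed in the message above (validate the form value once, carry it in a backend-neutral form such as epoch, and render a database-specific value only when binding it to a query) can be sketched as follows. This is an added example, not code from the thread or from the project under discussion. The 14-digit form format, the two backend formats and all function names are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Assumed form format: exactly 14 ASCII digits, YYYYMMDDHHMMSS, in UTC.
_FORM_TS = re.compile(r"[0-9]{14}")

# Assumed per-backend column formats (illustrative, not from the thread).
_DB_FORMATS = {
    "mysql": "%04d%02d%02d%02d%02d%02d",
    "postgres": "%04d-%02d-%02d %02d:%02d:%02d+00",
}


def parse_form_timestamp(raw):
    """Validate a form value; return an aware UTC datetime or raise ValueError."""
    if not isinstance(raw, str) or not _FORM_TS.fullmatch(raw):
        raise ValueError("timestamp must be exactly 14 digits")
    # strptime rejects impossible dates such as month 13 or 30 February.
    parsed = datetime.strptime(raw, "%Y%m%d%H%M%S")
    return parsed.replace(tzinfo=timezone.utc)


def to_epoch(ts):
    """Backend-neutral integer for echoing back into the form."""
    return int(ts.timestamp())


def from_epoch(raw):
    """Re-validate an epoch value that came back from the client."""
    if not isinstance(raw, str) or not re.fullmatch(r"[0-9]{1,11}", raw):
        raise ValueError("epoch must be a short run of digits")
    return datetime.fromtimestamp(int(raw), tz=timezone.utc)


def to_db_value(ts, backend):
    """Render a validated timestamp for one backend, to pass as a bound parameter."""
    if backend not in _DB_FORMATS:
        raise ValueError("unknown backend")
    fields = (ts.year, ts.month, ts.day, ts.hour, ts.minute, ts.second)
    return _DB_FORMATS[backend] % fields
```

The string returned by `to_db_value` is meant to be passed as a bound query parameter, so the backend format never has to be accepted from the form itself.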