[Xerte-dev] Re: Weird

Smith, John J.J.Smith at gcu.ac.uk
Fri Jan 25 20:12:18 GMT 2013


It's definitely not a criticism, but if we can catch things like this and update and improve them then we might as well do it, right? Cuts down support issues too - if Julian is getting frustrated with it I'm sure others will eventually too!!

Happy to help with the PHP stuff too if you decide to overhaul in prep for 2.0

Regards

John Smith
Learning Technologist
School of Health and Life Sciences




"Pat @ Pgogy" <xerte at pgogywebstuff.com> wrote:


In theory you can't use drop as the MySQL user account is supposed to be select, insert, update and delete only.

That file is 4 years old

I wrote it to stop things in a blunt way, finesse is welcomed

Pgogy Webstuff - http://www.pgogywebstuff.com
Makers of web things of a fair to middling quality

On 25 Jan 2013, at 19:20, "Smith, John" <J.J.Smith at gcu.ac.uk> wrote:

> Is that best practice or even desirable? Surely if we cleanse the data, are checking for undesirable characters and escape quotes etc. then 'reserved' names would be usable as in other systems?
>
> You can't inject a drop table command without taking advantage of poor input cleansing...
>
> Regards
>
> John Smith
> Learning Technologist
> School of Health and Life Sciences
>
>
>
>
> Dave Burnett <d_b_burnett at hotmail.com> wrote:
>
>
>
>
> To avoid SQL injection like DROP TABLE some db's say "No Thanks"
>
> ??
>
>
> ________________________________
> From: Julian.Tenney at nottingham.ac.uk
> To: xerte-dev at lists.nottingham.ac.uk
> Date: Fri, 25 Jan 2013 15:32:21 +0000
> Subject: [Xerte-dev] Weird
>
>
> Why can’t I create a project called ‘drop’?
>
>
>
> I can create projects called:
>
> d
> r
> o
> p
> dr
> ro
> op
> dro
> rop
>
> but not ‘drop’.
>
> “Sorry that is not a valid name. Please use only letters and numbers”
>
>
>
> WTF?

_______________________________________________
Xerte-dev mailing list
Xerte-dev at lists.nottingham.ac.uk
http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev
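
The two approaches debated in this thread, side by side, as an added example that is not Xerte's code and not part of any message: a keyword filter (hypothetical `keyword_filter_accepts`) next to a bound-parameter insert (hypothetical `create_project` and `projects` table). SQLite in memory stands in for MySQL so the script runs offline, and the sample names are constructed.

```php
<?php
// Added example, not Xerte code. Function and table names are hypothetical.

// A blunt filter of the kind discussed: reject any name containing an SQL keyword.
function keyword_filter_accepts(string $name): bool
{
    return preg_match('/\b(drop|delete|insert|update|select)\b/i', $name) !== 1;
}

// Bound parameter: the name travels as data and is never parsed as SQL.
function create_project(PDO $db, string $name): int
{
    $stmt = $db->prepare('INSERT INTO projects (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
    return (int) $db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE projects (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

// Constructed sample names: two from the thread, one harmless title that
// happens to contain a keyword, and one hostile-looking string.
$names = ['dro', 'drop', 'Drop-in session notes', "x'); DROP TABLE projects; --"];

$check = $db->prepare('SELECT name FROM projects WHERE id = ?');
foreach ($names as $name) {
    $id = create_project($db, $name);
    $check->execute([$id]);
    $stored = $check->fetchColumn();
    printf("%-30s filter: %-7s stored verbatim: %s\n",
        $name,
        keyword_filter_accepts($name) ? 'accept' : 'reject',
        $stored === $name ? 'yes' : 'no');
}

// The table still exists and holds every row: none of the names was executed.
$count = $db->query('SELECT COUNT(*) FROM projects')->fetchColumn();
echo "rows in projects: $count\n";

// On MySQL, the restricted account described in the thread corresponds to
//   GRANT SELECT, INSERT, UPDATE, DELETE ON <database>.* TO <app_user>;
// (placeholders), so a DROP would be refused even if one reached the server.
```

The filter rejects three of the four names, including the harmless title, while the bound-parameter insert stores all four unchanged.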