Export to CSV - proper format

Fairlight fairlite at fairlite.com
Thu Oct 21 14:24:36 PDT 2010


When asked his whereabouts on Thu, Oct 21, 2010 at 10:39:25AM -0700,
Bill Campbell took the fifth, drank it, and then slurred:
> Since the TAB character is used in pretty much any data entry
> screen to move from a field to some other field, it cannot be
> entered as data thus is the safest to use for the field delimiter.

I've seen people say ^A (\001) is a good candidate, but will fP allow or
choke on ^V^A entry?  :)  I've never had occasion to try.

> Robust systems never make any assumptions about data entry being
> done correctly or even logically (not to mention maliciously).
> Improper (no) checking leads to SQL injection attacks, many PHP
> exploits, etc. which are left open by ``programmers'' who use
> these very simple languages without understanding these issues.

What Bill said x100.  This is the reason the Web Applications of SANS @RISK
is usually so damned long, and why PHP and PHP-based applications account
for 95%+ of the entries on a regular basis.  That, and it's "designed" like
hell.  But a good programmer can work around poor design.  Too many former
AOL users must be "coding" in PHP, methinks.

mark->
-- 
Audio panton, cogito singularis.


More information about the Filepro-list mailing list