sturnbull / piktur

CS9163 project

Image upload description field. #30

Closed sturnbull closed 11 years ago

sturnbull commented 11 years ago

After uploading an image, description field is limited to lower case and numbers only. Is this intended?

prhammond commented 11 years ago

Not sure. Brings up several design questions:

1) How do we prevent SQL injection and stay secure?
2) Where does one tag stop and the next begin? I.e. aircraft carrier - one tag or two?
3) So then - how do we edit tags? Do we put all tags into one record? Can we search OK that way?

enasni commented 11 years ago

1) I use a white list of acceptable characters. First we use client-side JavaScript to prune out users accidentally typing in characters we deem bad. Then we re-validate the input on the server side based on regular expressions prior to using them. Album and image descriptions now allow [a-zA-Z0-9 _,.!]

2) The separating character I've been tokenizing on is the comma ','

3) Each tag is stored as an individual row in the tags table associated with the picture it 'tags'. We have the ability to add new tags but not delete existing ones.
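
The scheme described in the comment above, sketched as an added example that is not part of the original thread or the piktur code base: server-side allowlist check, comma tokenization, one row per tag. The Python/sqlite3 setting, the `tags (image_id, tag)` schema, the length limit and the use of bound query parameters are assumptions; the thread states only the character class and the comma separator.

```python
import re
import sqlite3

# Allowlist from the thread: letters, digits, space, underscore, comma, period, '!'.
ALLOWED = re.compile(r"[a-zA-Z0-9 _,.!]*")
MAX_LEN = 255  # assumed limit; the thread does not state one


def validate_description(text):
    """Server-side re-check; the client-side JavaScript filter can be bypassed."""
    # fullmatch anchors both ends, so a trailing newline cannot slip through.
    if len(text) > MAX_LEN or ALLOWED.fullmatch(text) is None:
        raise ValueError("description contains characters outside the allowlist")
    return text


def split_tags(text):
    """Tokenize on ',' so 'aircraft carrier' stays one tag; drop empties and repeats."""
    tags = []
    for raw in validate_description(text).split(","):
        tag = " ".join(raw.split())  # trim and collapse inner whitespace
        if tag and tag not in tags:
            tags.append(tag)
    return tags


def add_tags(conn, image_id, text):
    """One row per tag; values are bound as parameters, never concatenated into SQL."""
    tags = split_tags(text)
    conn.executemany(
        "INSERT INTO tags (image_id, tag) VALUES (?, ?)",
        [(image_id, t) for t in tags],
    )
    return tags


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tags (image_id INTEGER, tag TEXT)")  # hypothetical schema
    add_tags(conn, 1, "aircraft carrier, navy,,Navy , navy")  # constructed input
    try:
        add_tags(conn, 1, "carrier'; --")  # constructed input with disallowed characters
    except ValueError:
        pass  # rejected before any SQL runs
    rows = conn.execute("SELECT tag FROM tags WHERE image_id = ? ORDER BY rowid", (1,))
    return [r[0] for r in rows]


if __name__ == "__main__":
    print(demo())
```

The allowlist narrows what reaches the database, but the bound parameters are what keep the query structure fixed if the allowed character set is later widened.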

prhammond commented 11 years ago

Sounds good to me

prhammond commented 11 years ago

Believe this issue is closed - Image upload description field allows upper/lowercase, numbers and spaces