[AppDB] Make screen shots safe from SQL injection
cmorgan at alum.wpi.edu
Tue Jun 27 11:21:18 CDT 2006
> > As we've discussed before I'd rather we did a single full pass of manual
> > testing than several full passes. It saves us time in that we don't have
> > to test the same things repeatedly like we would have to do when making
> > changes to things like classes that are used all over the code.
> Your logic is flawed and only applies if the patch has no bugs. By breaking
> up the patch into smaller pieces you save time in testing when there are
When were you going to report the issue with query_parameters() that I found
the other day and sent in a unit test and patch for? Why do projects like
Wine have automated tests instead of manual ones? I think we want to mirror
successful projects like this by automating our testing. Manual testing may
catch some bugs but it is always going to be more time consuming and less
As I've said before, manual testing is OK but isn't likely to be as good as
automated testing. That function is used in all SQL calls. Modifying it
should mean that we have to check EVERY SQL call in the appdb.
> > In any case I'm implementing unit tests for nearly every bug I find. I
> > haven't thought of a good way to unit test page actions yet though.
> I have no answer for that.
The trick is getting the parameters into $_REQUEST variables. I think we'll
have to build up a <input> form in the test and then submit it as if the user
clicked on 'submit'. That might require duplication of code given how we currently
have some of those pages designed, but we may be able to refactor them into
classes so we can reduce the duplication.