> I think that approach is asinine. To blindly sanitize
> variables with no regard for what they contain seems dumb.
> The correct answer to me would be to sanitize as necessary
> with functions like htmleditformat() at the point of use.
I don't think there is a single "correct" answer. That said, there is a good argument for storing "unsafe" strings and making them safe when viewed. This article mentions both approaches, although it's really about something else altogether: http://www.joelonsoftware.com/articles/Wrong.html

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:298525
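A side-by-side of the two approaches argued about in this thread, as an added example that is not from the post or from ColdFusion itself: Python's html.escape() stands in for htmleditformat(), and the sample value and the three output contexts (HTML table cell, JSON API response, plain-text e-mail) are constructed.

```python
import html
import json

# Constructed sample: a display name carrying HTML metacharacters.
RAW_NAME = 'Dave <script>alert(1)</script> & "friends"'


def sanitize_on_input(value: str) -> str:
    """Approach 1 (blind): escape once, before storing, with no knowledge of later use."""
    return html.escape(value, quote=True)


def render_html(stored: str, escape_at_use: bool = True) -> str:
    """HTML context. Correct only for a raw value with escape_at_use=True;
    escape_at_use=False shows what a forgotten htmleditformat() call does."""
    shown = html.escape(stored, quote=True) if escape_at_use else stored
    return f"<td>{shown}</td>"


def render_json(stored: str) -> str:
    """API context: JSON has its own quoting; HTML entities do not belong here."""
    return json.dumps({"name": stored})


def render_plaintext(stored: str) -> str:
    """Plain-text e-mail context: no HTML escaping is wanted at all."""
    return f"Hello {stored},"


def compare(raw: str = RAW_NAME) -> dict:
    """Run one value through both pipelines and report what each output sees."""
    blind = sanitize_on_input(raw)
    return {
        # Approach 2: raw in storage, each context applies exactly its own escaping.
        "raw_html": render_html(raw),
        "raw_json_roundtrip": json.loads(render_json(raw))["name"] == raw,
        "raw_plaintext": render_plaintext(raw),
        # Its failure mode: one missed escape at the point of use injects markup.
        "raw_html_unescaped": render_html(raw, escape_at_use=False),
        # Approach 1: the HTML output is double-encoded, and HTML entities leak into
        # JSON and e-mail, where they are simply wrong; the raw value can only be
        # recovered by a reader who knows exactly which escaping was already applied.
        "blind_html": render_html(blind),
        "blind_json_roundtrip": json.loads(render_json(blind))["name"] == raw,
        "blind_plaintext": render_plaintext(blind),
    }
```

The dictionary from compare() makes the trade-off concrete: storing raw keeps every output correct but depends on escaping at every point of use, while blind input sanitizing corrupts every non-HTML consumer and double-encodes the HTML one.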

