> Why store junk? If you're going to store data shouldn't it be
> escaped/purified before you store it? Then you're escaping it
> once as opposed to escaping it 1000's of times every time you
> display/output it?

As Brad pointed out, who's to say what's junk? It is impossible, practically speaking, to identify every possible "bad character" that may exist in your data, and you may want to use that data in different ways and different places. You may, in fact, want to use data in new ways in the future, only to find that you have new vulnerabilities for which your current data is unsanitized.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Training: Adobe/Google/Paperthin Certified Partners
http://training.figleaf.com/

WebManiacs 2008: the ultimate conference for CF/Flex/AIR developers!
http://www.webmaniacsconference.com/

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:303797
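
The point of the reply, as an added example that is not part of the original post: one constructed string is stored once HTML-escaped (as the quoted question proposes) and once as entered, then rendered into HTML, URL and inline-JavaScript contexts. Python's standard library stands in for the ColdFusion application here, and every function name is hypothetical.

```python
import html
import json
import sqlite3
from urllib.parse import quote

# Constructed sample input: a legitimate value containing characters that are
# special in HTML, URLs, JavaScript and SQL.
RAW = "Tom & Jerry's <Cafe>"

def encode_for_html(value):
    """Encoder for HTML body and attribute contexts."""
    return html.escape(value, quote=True)

def encode_for_url(value):
    """Encoder for a single URL query-string component."""
    return quote(value, safe="")

def encode_for_js(value):
    """Encoder for a string literal inside an inline <script> block."""
    # json.dumps produces a quoted literal; <, > and & are then written as
    # \u escapes so the literal cannot terminate the surrounding element.
    literal = json.dumps(value)
    for ch in "<>&":
        literal = literal.replace(ch, "\\u%04x" % ord(ch))
    return literal

def store_and_load(value):
    """Round-trip through a database using a bound parameter (SQL context)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE places (name TEXT)")
    db.execute("INSERT INTO places (name) VALUES (?)", (value,))
    return db.execute("SELECT name FROM places").fetchone()[0]

def render_all(stored):
    """Encode one stored value for each output context."""
    return {"html": encode_for_html(stored),
            "url": encode_for_url(stored),
            "js": encode_for_js(stored)}

# Quoted question's approach: escape once for HTML, then store.
pre_escaped = store_and_load(encode_for_html(RAW))
# Reply's approach: store what was entered, encode at each output.
raw_stored = store_and_load(RAW)

if __name__ == "__main__":
    for label, stored in (("escaped at store time", pre_escaped),
                          ("stored as entered", raw_stored)):
        print(label)
        for context, output in render_all(stored).items():
            print(f"  {context:4} {output}")
```

The pre-escaped row carries HTML entities into the URL and JavaScript outputs and is double-encoded in HTML, while the raw row is correct in every context because each encoder sees the original characters.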

