Hello again, just so I don't get it wrong: You're using Superglobals to clear user input but there is basically no further validation, right? For output to HTML, there is htmlspecialchars, sometimes in the handlers, sometimes in the templates, for the db there is PDO. Is that correct? And is that it, for filtering/validation? FormValidators is not used outside plugins, right?
Do things that can't use PDO (like table names, LIMITS, etc.) get validated somewhere? I didn't see this...

thanks,
florian
