On 17/08/16 09:33, Stanislav Malyshev wrote:
>> "Input validation" should reject all of them and does not have to inform users
>> (attackers) to "there is invalid input". If you need to tell legitimate users
>
> I think we disagree here. I think not doing this makes my work as a
> developer much much harder.

I'm with you on this, Stanislav ... we need to know what failed in order to decide what to do about it. While simply crashing out was acceptable 15 years ago, nowadays knowing what attackers are after can be important? (and the JavaScript thing is more a case of upgrading PHP examples to use HTML5 validation by default)

--
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk