Randall R Schulz wrote:
> In essence you're accepting fragments of PHP code from the client
Nope. I'm accepting a value of type string, that in this particular case can be used to execute malicious code **on the client side**. You are mixing apples with pears: SQL injection is one thing and XSS is another, quite different, one, but they are caused by the same problem, bad user input validation/escaping/whatever. (Not a PHP problem, btw.)
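The distinction drawn in the reply, shown as an added example that is not part of this thread: one untrusted string is handled by two different fixes depending on where it lands. The SQL side uses Python's sqlite3 with a constructed in-memory table; the HTML side uses html.escape. Both table rows and the sample inputs are constructed for the demo.

```python
import html
import sqlite3

# Constructed inputs: the first breaks out of an SQL string literal when
# concatenated, the second injects markup when echoed unescaped into HTML.
UNTRUSTED_SQL = "x' OR '1'='1"
UNTRUSTED_HTML = "<script>alert(1)</script>"


def make_db():
    """Constructed in-memory table with two rows (hypothetical data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def lookup_vulnerable(conn, name):
    """Server-side flaw: concatenation lets the value rewrite the query."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, name):
    """SQL injection fix: bind the value as a parameter; it stays data."""
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def render_vulnerable(value):
    """Client-side flaw: raw interpolation into an HTML text context."""
    return "<p>Hello " + value + "</p>"


def render_safe(value):
    """XSS fix: escape for the HTML text context at output time."""
    return "<p>Hello " + html.escape(value, quote=True) + "</p>"


if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, UNTRUSTED_SQL))  # every row, not just one
    print(lookup_safe(db, UNTRUSTED_SQL))        # []
    print(render_vulnerable(UNTRUSTED_HTML))     # script tag reaches the browser
    print(render_safe(UNTRUSTED_HTML))           # &lt;script&gt;... rendered as text
```

The same root cause (trusting a string) needs a context-specific fix: parameter binding for the query, output escaping for the page.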