David Krings wrote:
Gary Mort wrote:
David Krings wrote:
Exactly! All input is evil, even when it comes from your database
and your script. There is no good reason not to check input each and
every time; there are only bad excuses for not doing it.
Well, by that token you should maintain a
Gary Mort wrote:
David Krings wrote:
Exactly! All input is evil, even when it comes from your database and
your script. There is no good reason not to check input each and every
time; there are only bad excuses for not doing it.
Well, by that token you should maintain a digital signature of
David Krings wrote:
Exactly! All input is evil, even when it comes from your database and
your script. There is no good reason not to check input each and every
time; there are only bad excuses for not doing it.
Well, by that token you should maintain a digital signature of every
script tha
Daniel Convissor wrote:
Hi Rob:
On Mon, Nov 12, 2007 at 04:26:54PM -0500, Rob Marscher wrote:
But it's expensive to escape it every time someone views the page.
Therefore, it's recommended to filter it on input but store the
filtered version
This approach is flawed because disgruntled peo
Beowulf shouts: "You know why you can't kill me?! Because I already died
long ago when I was young like you."
___
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
NYPHPCon 2006 Presentations Online
http://www.nyphpc