Once upon a time someone said it was a security risk to echo back $_POST data unconditionally, even if you escape it, and even though you are only showing them the very thing they just submitted to you. But I forget what that risk was. Maybe I misremember.
I suppose if someone were to submit a string the length of War and Peace, it would squander bandwidth if you sent it back without truncating, but is that a true security risk?

--
David Mintz
http://davidmintz.org/

The subtle source is clear and bright
The tributary streams flow through the darkness
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk