Likewise, never rely solely on JavaScript-based form input validation; you should always check form inputs server side.
Hear, hear! Always write your PHP, CGI, etc. as though some pimply little kid is going to throw a ton of crap at it to see if he can defeat it. Because sooner or later that's *exactly* what's gonna happen.
Which reminds me, and the real reason I wrote: does anybody know where I might find some good script stress testers? I basically just type stuff into form fields that I know can give scripts problems (backslashes, shell commands in backquotes, long strings, special characters) but there's got to be a better way than that. Or is this too far off-topic?
--
Rev. Bob "Bob" Crispen
bob at crispen dot org
Ex Cathedra Weblog: http://blog.crispen.org/
Some people just don't know how to drive... I call these people
"Everybody But Me"
*****************************************************
The discussion list for http://webstandardsgroup.org/
See http://webstandardsgroup.org/mail/guidelines.cfm
for some hints on posting to the list & getting help
*****************************************************
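
Added example, not part of the original message: a small Python harness that feeds a server-side validator the input classes the post lists (backslashes, backquotes, long strings, special characters) and reports anything accepted or any crash. The "display name" field, its allow-list, and the names `validate_name`, `hostile_inputs` and `stress` are assumptions made for illustration.

```python
import re
import string

# Assumed allow-list for a hypothetical "display name" form field:
# letters, digits, space and a few punctuation marks, 1 to 64 characters.
NAME_RE = re.compile(r"[A-Za-z0-9 .,'-]{1,64}")

def validate_name(value):
    """Server-side check: return the cleaned value or raise ValueError."""
    if not isinstance(value, str):
        raise ValueError("not a string")
    value = value.strip()
    if not NAME_RE.fullmatch(value):
        raise ValueError("rejected by allow-list")
    return value

def hostile_inputs():
    """Constructed samples of the input classes named in the post."""
    yield "backslash", "C:\\temp\\x"
    yield "backquotes", "`id`"
    yield "long string", "A" * 100_000
    yield "empty", ""
    yield "NUL byte", "bob\x00"
    yield "newline", "bob\nadmin"
    for ch in string.punctuation:
        if ch not in ".,'-":
            yield f"special {ch!r}", f"bob{ch}"

def stress(validator, good=("Alice Example", "O'Neil-Smith, Jr.")):
    """Return a list of findings; an empty list means the validator held up."""
    findings = []
    for value in good:
        try:
            validator(value)
        except ValueError:
            findings.append(("good input rejected", value))
    for label, value in hostile_inputs():
        try:
            validator(value)
            findings.append(("hostile input accepted", label))
        except ValueError:
            pass  # expected: a clean, controlled rejection
        except Exception as exc:  # crash instead of a controlled rejection
            findings.append((f"crashed with {type(exc).__name__}", label))
    return findings

if __name__ == "__main__":
    print(stress(validate_name) or "no findings")
```

Run it against each validation function in your own code base; a finding of "crashed with ..." means the handler fails on malformed input instead of rejecting it.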
