hi... forgive me!!! continuing the thread from yesterday regarding filtering. (and thanks to all the msgs)

for simplicity, let's deal with a simple user input form that's going to place the information in a db. if the app allows the user to enter the input (call it 'foo') and then submits the form via a POST, where the data is then written to the db, what kind of validation should occur? and where should the validation take place?

for my $0.02 worth, there should be validation of the 'foo' var, to determine if the var is legitimate. there should also be validation/filtering of the var when it's placed in the db_sql command...

my question (and it's basic): what validation should be performed on the 'foo' var, and why? i've seen htmlspecialchars/magic_quotes/etc.. in various articles, but i can't find a definitive answer!!

also, when inserting/updating a db item, what is the 'correct' process for data? should all data that gets inserted into a db be quoted? if it should, what's the 'standard' practice?

pseudo examples of this stuff would be really helpful!

thanks for clarifying some of these issues...

-bruce
bedouglas@xxxxxxxxxxxxx

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
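An added example (not from the original post or any reply to it) of the three things the question asks about, kept as separate steps in PHP: checking whether 'foo' is legitimate, inserting it with a PDO prepared statement so no hand quoting is needed, and escaping with htmlspecialchars only when the value is rendered as HTML. The 'items' table, the validation rule and the sample submissions are assumptions made for the demo.

```php
<?php
// Added example, not from the original post: validation, storage and
// output handled as three separate steps. Assumes PHP 7.4+ with the
// pdo_sqlite extension; the 'items' table and the rule are assumed.
declare(strict_types=1);

// Step 1: decide whether 'foo' is legitimate for the application.
// Assumed rule: a string of 1 to 40 characters with no control codes.
// Invalid input is rejected, not "cleaned", and nothing is escaped here.
function validateFoo($raw): ?string
{
    if (!is_string($raw)) {
        return null;                         // missing field or an array
    }
    return preg_match('/\A[^\p{Cc}]{1,40}\z/u', $raw) === 1 ? $raw : null;
}

// Step 2: store it with a prepared statement. The driver sends the value
// separately from the SQL text, so quotes in $foo need no escaping.
function storeFoo(PDO $db, string $foo): int
{
    $stmt = $db->prepare('INSERT INTO items (foo) VALUES (:foo)');
    $stmt->execute([':foo' => $foo]);
    return (int) $db->lastInsertId();
}

// Step 3: htmlspecialchars belongs here, when the stored value is put
// into an HTML page, so the database keeps the user's text unchanged.
function renderFoo(string $foo): string
{
    return '<td>' . htmlspecialchars($foo, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</td>';
}

// Constructed demo: in-memory SQLite stands in for the real database and
// the array below stands in for several $_POST['foo'] submissions.
$db = new PDO('sqlite::memory:', null, null,
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, foo TEXT NOT NULL)');

foreach (["O'Brien", '<b>hi</b>', "", str_repeat('a', 41)] as $posted) {
    $foo = validateFoo($posted);
    if ($foo === null) {
        echo "rejected input of length " . strlen($posted) . "\n";
        continue;
    }
    echo "row " . storeFoo($db, $foo) . " -> " . renderFoo($foo) . "\n";
}
```

The apostrophe in the first value reaches the table untouched because the prepared statement, not string quoting, separates data from SQL; the second value is stored verbatim and only escaped at render time.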