chris...

i understood the concept of data being output from an application/function. my question was directed towards trying to understand if you were meaning that an app should escape all output from the mysql db?? or, were you referring to data that would go back to the user via a form?

in other words, which 'output' function are/were you referring to.

-bruce

ps. tried to get to the link... it wouldn't come up for me for some reason...

-----Original Message-----
From: Chris Shiflett [mailto:shiflett@xxxxxxx]
Sent: Thursday, September 22, 2005 8:38 PM
To: bedouglas@xxxxxxxxxxxxx
Cc: 'Chris W. Parker'; php-general@xxxxxxxxxxxxx
Subject: Re: basic user/input form questions... more validation!

bruce wrote:

> but what do you mean by "...escape output!!"

Output is data that you send somewhere else. In other words, if it leaves your application, it is output.

This is explained a bit further (with some code) near the start of this talk:

http://brainbulb.com/talks/php-security-audit-howto.pdf

Hope that helps.

Chris

--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/
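
The distinction discussed in this thread, as an added example that is not part of the original messages or of the linked talk: the same form value is treated as output twice, once when it leaves the application for the database and once when it leaves for the browser, and each destination gets its own handling. Assumptions: the function names save_user() and render_greeting() are hypothetical, the input is constructed, an in-memory SQLite database stands in for MySQL so the script runs offline, and parameter binding is used in place of manual SQL escaping.

```php
<?php
// Added example; save_user() and render_greeting() are hypothetical names.

// Output 1: the database. The value leaves the application for the SQL
// engine, so it is handled for the SQL context. A bound parameter is used
// here instead of manual escaping; the quote in the name cannot end the
// string literal or change the statement.
function save_user(PDO $db, string $name): void
{
    $stmt = $db->prepare('INSERT INTO users (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
}

// Output 2: the browser. The value leaves the application for an HTML
// document, so it is escaped for the HTML context at the moment it is sent.
function render_greeting(string $name): string
{
    return '<p>Hello, ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '</p>';
}

// In-memory SQLite stands in for MySQL (assumption, so this runs offline).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT)');

// Constructed sample input carrying both SQL and HTML metacharacters.
$name = "O'Reilly <b>bold</b>";

save_user($db, $name);

// The database holds the raw value: nothing was HTML-escaped on the way in,
// because HTML was not the destination at that point.
$stored = $db->query('SELECT name FROM users')->fetchColumn();
if ($stored !== $name) {
    throw new RuntimeException('stored value should be the raw input');
}

// Data read back from the database is escaped again, this time for HTML,
// only when it is sent to the user.
echo render_greeting($stored), "\n";
```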