GamblerZG wrote:
> If you had anything other than $_OCLEAN in an echo and friends, then you would know you were screwing up.
>
> Personally, if I pull some info from the database, then I do not usually sanitize it. Yes, I know it's less secure, but I'm willing to take such (negligible) risk for extra performance. So I sanitize data on input only.

Sanitizing is an alias for filtering and has nothing to do with escaping. One should never be considered a substitute for the other, although this is a common mistake.

Chris

--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/
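
The distinction drawn in the reply above, shown as an added example that is not part of the original message: a comment passes an input filter, is stored, and still has to be escaped for each output context. The validation rule, the `comments` table, the helper names and the sample text are assumptions made for illustration, and the in-memory SQLite database assumes the `pdo_sqlite` and `mbstring` extensions are loaded.

```php
<?php
declare(strict_types=1);

// Filtering (input side): accept or reject data against what the application
// considers valid. Hypothetical rule: valid UTF-8, 1-200 chars, no control chars.
function filter_comment(string $raw): ?string
{
    $text = trim($raw);
    if ($text === '' || !mb_check_encoding($text, 'UTF-8') || mb_strlen($text, 'UTF-8') > 200) {
        return null;
    }
    if (preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', $text) === 1) {
        return null;
    }
    return $text;
}

// Escaping (output side): encode data for the context it is being sent to.
function escape_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input: a perfectly valid comment that still contains
// characters with special meaning in SQL (') and in HTML (<, >, &).
$raw = "It's true that a < b && b > c";

$clean = filter_comment($raw);
if ($clean === null) {
    exit("rejected by input filter\n");
}

// SQL context: a bound parameter keeps the quote from being parsed as SQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (body TEXT NOT NULL)');
$db->prepare('INSERT INTO comments (body) VALUES (?)')->execute([$clean]);

// The database returns the filtered value unchanged; filtering did not encode it.
$stored = $db->query('SELECT body FROM comments')->fetchColumn();

// HTML context: escape at the point of output, even for data read from the database.
echo '<p>' . escape_html($stored) . "</p>\n";
```

Echoing `$stored` without `escape_html()` would send the raw `<`, `>` and `&` characters to the browser as markup, even though the value passed the input filter.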