Travis Doherty wrote:
> Why is this so bad?
>
> <?php
> // blindly run everything in _REQUEST through htmlentities

1. That's escaping, not filtering.
2. http://shiflett.org/archive/178
3. Using $_REQUEST is sloppy and makes CSRF attacks easier.

Maybe more? This is bad for all the reasons magic_quotes_gpc is bad...

Chris

--
Chris Shiflett
http://shiflett.org/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
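Added example, not part of the original message or either poster's code: it contrasts the blanket-escaping approach from the quoted snippet with filtering on input and escaping on output, the distinction drawn in point 1. The form fields, the `$post` sample array and all function names are assumptions made for illustration.

```php
<?php
// Constructed sample input standing in for a submitted form (assumption).
$post = ['name' => "O'Reilly & Sons", 'age' => '42abc'];

// Blanket approach: HTML-escape every value on the way in, whatever it is for.
function escape_all(array $in): array {
    return array_map(fn($v) => htmlentities($v, ENT_QUOTES, 'UTF-8'), $in);
}

// Filtering: check each field against what it is allowed to be, drop the rest.
function filter_fields(array $in): array {
    $clean = [];
    $name = $in['name'] ?? '';
    if (is_string($name) && preg_match('/^[\p{L} \'&.-]{1,64}$/u', $name)) {
        $clean['name'] = $name;   // kept raw; no HTML encoding in stored data
    }
    $age = filter_var($in['age'] ?? null, FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 0, 'max_range' => 150]]);
    if ($age !== false) {
        $clean['age'] = $age;     // a real integer from here on
    }
    return $clean;
}

// Escaping: done at output time, for the context being written to (HTML here).
function html(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$blanket = escape_all($post);
// The malformed age is still present: escaping validated nothing.
var_dump($blanket['age']);
// The name now holds HTML entities as data, so escaping it again at
// output time double-encodes it, and skipping the escape means trusting
// that every value everywhere went through escape_all() first.
echo html($blanket['name']), "\n";

$clean = filter_fields($post);
// The malformed age was rejected instead of passed along.
var_dump(array_key_exists('age', $clean));
// The raw name is encoded exactly once, at the point of HTML output.
echo html($clean['name']), "\n";
```

In a real handler the input array would be `$_POST` (or `$_GET`) chosen explicitly rather than `$_REQUEST`, in line with point 3.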