Re: Preventing SQL Injection/ Cross Site Scripting

Dotan Cohen wrote:
> On 24/04/07, Justin Frim <jfrim@xxxxxxxxxxx> wrote:
>> if (get_magic_quotes_gpc()) {
>>   /*
>>   (unfortunately in PHP these are enabled by default.  AHH!  Which idiot
>> thought this was a good idea to turn them on by default? Good programming practise is to manually encode only the data that requires encoding just
>
> You've got a typo in practice.
I seem to recall I was in a very, very bad mood when I wrote that
comment.  *L*
While I do normally strip out all my nasty comments before making code
go public, I still keep them in some of my personal scripts for
historical humour among friends.  But thanks... I'll try to keep that in
mind.  :-)


> I took Chris's advice and filter for XSS after the info is retrieved
> from the database, before sending it to the browser.
I'm assuming then you want the data to be able to contain _some_ mark-up
considered to be safe?

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
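The output-side approach Dotan describes, carried through in both of the forms Justin's question distinguishes (escape everything, or keep some mark-up considered safe), as an added example that is not code from the thread or from either poster. It assumes PHP 7 or later with the dom and pdo_sqlite extensions; the `comments` table, the function names and the hostile comment text are constructed for the demo. Request data is stored raw (magic quotes are undone rather than relied on), SQL injection is handled by bound parameters, and all HTML encoding happens once, at the point of use.

```php
<?php
// Added example, not code from the thread. Input is stored raw (no magic
// quotes / addslashes), SQL is protected by bound parameters, and all XSS
// defence happens at output time: escape everything, or keep a whitelist.

// Undo magic_quotes_gpc on interpreters that still have it (deprecated in
// PHP 7.4, removed in 8.0, hence the guard) so the code sees the raw value.
function raw_input(string $value): string
{
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

// SQL injection is prevented by binding, not by escaping the string.
function store_comment(PDO $db, string $author, string $body): void
{
    $stmt = $db->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
}

// Mode 1: the value is plain text; escape it for an HTML text/attribute context.
function render_text(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Mode 2: the value may carry a few harmless tags. Only these survive.
const ALLOWED_TAGS = ['b' => [], 'i' => [], 'em' => [], 'strong' => [], 'p' => [],
                      'br' => [], 'a' => ['href']];

function render_safe_markup(string $html): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true); // tolerate the broken HTML people paste
    $doc->loadHTML('<!DOCTYPE html><html><head><meta http-equiv="Content-Type" '
        . 'content="text/html; charset=utf-8"></head><body>' . $html . '</body></html>');
    libxml_clear_errors();
    $body = $doc->getElementsByTagName('body')->item(0);
    sanitize_children($body);
    // Re-serialise only what is left under <body>; text nodes come back escaped.
    return implode('', array_map([$doc, 'saveHTML'], iterator_to_array($body->childNodes)));
}

function sanitize_children(DOMNode $parent): void
{
    // Copy the list first: removing or unwrapping mutates the live childNodes.
    foreach (iterator_to_array($parent->childNodes) as $child) {
        if (!($child instanceof DOMElement)) {
            if (!($child instanceof DOMText)) {
                $parent->removeChild($child); // comments, PIs, CDATA
            }
            continue;
        }
        $tag = strtolower($child->tagName);
        if (in_array($tag, ['script', 'style', 'iframe', 'object', 'embed'], true)) {
            $parent->removeChild($child); // drop the tag and its contents
            continue;
        }
        sanitize_children($child);
        if (!isset(ALLOWED_TAGS[$tag])) {
            // Unknown tag: keep its (already sanitised) children, drop the tag.
            while ($child->firstChild !== null) {
                $parent->insertBefore($child->firstChild, $child);
            }
            $parent->removeChild($child);
            continue;
        }
        foreach (iterator_to_array($child->attributes) as $attr) {
            $name = strtolower($attr->name);
            if (!in_array($name, ALLOWED_TAGS[$tag], true)
                || ($name === 'href' && !safe_url($attr->value))) {
                $child->removeAttribute($attr->name); // on*, style, javascript: ...
            }
        }
    }
}

// Only http, https, mailto or scheme-less (relative) links survive. Whitespace
// and control characters are stripped first because browsers ignore them.
function safe_url(string $url): bool
{
    $scheme = parse_url(preg_replace('/[\x00-\x20\x7f]+/', '', $url), PHP_URL_SCHEME);
    return $scheme === null // relative link, no scheme at all
        || ($scheme !== false && in_array(strtolower($scheme), ['http', 'https', 'mailto'], true));
}

// Demo: in-memory SQLite, one constructed hostile comment, both renderings.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');
store_comment($db, raw_input("O'Brien"), raw_input('<b onmouseover="alert(1)">hi</b> '
    . '<a href="javascript:alert(1)">x</a><script>alert(1)</script>'));
foreach ($db->query('SELECT author, body FROM comments') as $row) {
    echo render_text($row['author']), "\n";
    echo render_text($row['body']), "\n";
    echo render_safe_markup($row['body']), "\n";
}
```

Two caveats worth keeping in mind. `htmlspecialchars()` is correct for HTML text and quoted attribute values only; data placed into a JavaScript string, a URL or a CSS context needs that context's encoder instead. And the whitelist mode above is deliberately small: once an application needs more than a handful of tags, a maintained sanitiser such as HTML Purifier covers far more of the tag and attribute surface than a hand-rolled walker like this one.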

