At 8:39 AM -0500 8/3/07, Jay Blanchard wrote:
How are you securing Ajax? I know that for the most part we send data to
a PHP script for processing, so all of the normal rules for sending that
data apply (mysql_real_escape_string(), etc.)
Jay:
First, the subject title is LOL.
Second, I don't know about others but every ajax post/get data
received is treated like any other post/get data -- it's validated
and scrubbed.
Most ajax data provided in my scripts are there to trigger an event
in a php script -- so it becomes even simperer to scrub it via a
switch -- either it fits what I expect or the process/flow travels to
a default, but the "data" is never used "as-is".
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
