[snip] First, the subject title is LOL. [/snip] I know... I wish I had thought of it! [snip] Second, I don't know about others but every ajax post/get data received is treated like any other post/get data -- it's validated and scrubbed. Most ajax data provided in my scripts are there to trigger an event in a php script -- so it becomes even simperer to scrub it via a switch -- either it fits what I expect or the process/flow travels to a default, but the "data" is never used "as-is". [/snip] All of my PHP/Ajax functions are in one file (per application) with a case for each one. I apply typical scrubbing to this too, so I never use stuff as is either. I guess I could take the step of using php to obscure the javascript code. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
