I've always heard it is bad if you let a user type some input, then show it
back to them w/o sanitizing the code. E.g. I have a form, where the user
types something, they hit submit and it submits to itself then prints back
to the user something like, "account created with password: whatever they
typed".
Why and how do you sanitize what they typed before echoing it back to them?
I figured it was something like they could type in PHP commands, but I tried
typing phpinfo(); into the box and submitting. All that happened is that
it echoed phpinfo();
Can someone explain this?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
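The following is an added example (it is not part of the original post or a reply on the list). It shows the actual risk with the self-submitting form described above: PHP never evaluates the submitted string, which is why `phpinfo();` came back as plain text, but the browser does parse whatever the script echoes as HTML, so a submitted `<script>` tag or a quote that breaks out of an attribute runs in the viewer's browser (reflected cross-site scripting). The function names and the sample inputs are assumptions made for the example.

```php
<?php
// Added example, not code from the original post.
// The danger is not that PHP executes "phpinfo();" (it does not); it is that
// the browser renders whatever is echoed as HTML, so markup or script in the
// submitted value runs in the viewer's browser (reflected XSS).

// Unsafe: the raw submitted value is dropped straight into the page.
function render_unsafe(string $value): string
{
    return "<p>Account created with password: $value</p>";
}

// Safe: escape for the HTML context before echoing. ENT_QUOTES escapes both
// quote styles so the value is also safe inside a quoted attribute;
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function render_escaped(string $value): string
{
    $safe = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<p>Account created with password: $safe</p>";
}

if (PHP_SAPI === 'cli') {
    // Constructed sample inputs (assumed for the example): what a user, or a
    // link an attacker sends to a user, could submit to the form.
    $samples = [
        'phpinfo();',                                // harmless: stays text
        '<script>alert(document.cookie)</script>',   // classic reflected XSS
        '" onmouseover="alert(1)',                   // attribute breakout
    ];
    foreach ($samples as $s) {
        echo "input:   $s\n";
        echo "unsafe:  " . render_unsafe($s) . "\n";
        echo "escaped: " . render_escaped($s) . "\n\n";
    }
} else {
    // Self-submitting form, the shape described in the post.
    $password = $_POST['password'] ?? '';
    echo '<form method="post" action="">';
    echo '<input type="text" name="password" value="'
        . htmlspecialchars($password, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">';
    echo '<input type="submit" value="Submit"></form>';
    if ($password !== '') {
        echo render_escaped($password);   // never render_unsafe() here
    }
}
```

Run it from the command line (`php example.php`) to compare the unsafe and escaped output for each sample, or drop it on a PHP-enabled web server to see the form itself. Note that `htmlspecialchars()` is the right tool only for text placed in the HTML body or inside a quoted attribute; a value inserted into a JavaScript block, a URL, or a CSS rule needs escaping for that context instead.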