On 8/7/07, Richard Lynch <ceo@xxxxxxxxx> wrote:
> On Tue, August 7, 2007 5:08 pm, Daniel Brown wrote:
> > It's actually not so much for echo'ing as it is for processing the
> > data in another manner that makes it dangerous not to do some
> > sanitizing and checking.... such as database manipulation.
>
> This is wrong.
>
> Google for "cross site scripting attack" to get some sense of just how
> wrong this is. :-)

Under normal circumstances, Rich, you're exactly right. I know exactly what XSS is, thanks. However, in the context of this scenario, my point was valid. So there! ;-P

--
Daniel P. Brown