Re: Echoing input w/o sanitizing - what is the danger

Daniel Brown wrote:
> On 8/7/07, Richard Lynch <ceo@xxxxxxxxx> wrote:
>> On Tue, August 7, 2007 5:08 pm, Daniel Brown wrote:
>>> It's actually not so much for echo'ing as it is for processing the
>>> data in another manner that makes it dangerous not to do some
>>> sanitizing and checking.... such as database manipulation.
>>
>> This is wrong.
>>
>> Google for "cross site scripting attack" to get some sense of just how
>> wrong this is. :-)
>
> Under normal circumstances, Rich, you're exactly right.  I know
> exactly what XSS is, thanks.  However, in the context of this
> scenario, my point was valid.
>
>     So there!  ;-P

Why do I get the feeling that someone, some day, will be saying that ("So there! ;-P") to you?

Again: http://phpsec.org/

b

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

