At 5:17 PM +0200 10/11/07, Manuel Vacelet wrote:
The thing that remains not very clear to me is where validation stop
and where application logic start.
Forgive me if I'm stating the obvious.
For me, there isn't a variable that I receive in any of my scripts
that I don't know what it should be (exact or range) and, as such, I
filter accordingly.
A very good book on this subject is Chris Shiflett's PHP Security
(http://shiflett.org/).
He uses a methodology of clean variables that answers the question you pose.
As for me, the acquiring any variables outside my script requires
checking -- it's a one part process and not two.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
