On Thu, Feb 28, 2008 at 12:38 PM, Daniel Brown <parasane@xxxxxxxxx> wrote:
> On Thu, Feb 28, 2008 at 12:36 PM, Eric Butera <eric.butera@xxxxxxxxx> wrote:
> > And I'd appreciate it if you kept all your posts about wearing dresses
> > to yourself but it isn't going to happen. :)
>
> Heh. It is a bad visual, isn't it? ;-P
>
> --
>
> </Dan>
>
> Daniel P. Brown
> Senior Unix Geek
> <? while(1) { $me = $mind--; sleep(86400); } ?>

All my point is that I've been on this list for a while. I've posted code and watched people just copy and paste it. I've watched other people copy and paste their examples. I used to say sanitize your data and watch the same exact thing in their new function coming back at me without any sanity checks whatsoever. So my point is that people don't know how to do it.

If you decide to help people out with their issues you need to also help them understand how to filter/escape their data. Otherwise keep in mind those people are going to copy your code with the comment saying sanitize it, and it isn't going to be escaped. Maybe that is okay with you but I see that as a problem. I know Jason said he is doing it elsewhere, but that is the rare case.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php