Re: Sometimes I wonder why I even started programming...

My whole point is that I've been on this list for a while.  I've posted
code and watched people just copy and paste it.  I've watched other
people copy and paste their examples.  I used to say sanitize your
data and watch the same exact thing in their new function coming back
at me without any sanity checks whatsoever.

So my point is that people don't know how to do it.  If you decide to
help people out with their issues you need to also help them
understand how to filter/escape their data.  Otherwise keep in mind
those people are going to copy your code with the comment saying
sanitize it, and it isn't going to be escaped.  Maybe that is okay
with you but I see that as a problem.  I know Jason said he is doing
it elsewhere, but that is the rare case.

That's why you never see me post WHOLE code on this list. It's not that I can't make whole code, it is because I don't want people to take what they were too dumb to figure out and copy my stuff.

Those who stumble aren't dumb, they are trying. We've all been there (Jason and Dan when they woke up in their own beds and dresses) and we've all hit a "I've tried to do x and keep ending up with y".

But the ones who post and then copy and paste are dumb to use stuff without understanding it and sanitizing it. Frankly, they will learn when they have to explain that their application is the cause of their company website being defaced and their personal/private data leaked due to insecure apps.

Is it enough to write "your sanity check should go here"? You bet your @$$ it is, though *I* may not choose to put it there. We all code differently. We all sanitize/escape/safe our apps in different ways. But don't read code I post to the list and expect it to work out of the box in yours and be secure.

Otherwise, this list needs to turn into the "PHP Freelancers" and we all make $1 per post and then use Dan's script to make sure we get the right $$$ every week.

And you DO owe Dan an apology Eric.

And no Jason, you aren't dumb, I've seen your other coding and you haven't just copied/pasted everything.

Wolf

HowTo: Sanitize user input http://www.phpbuilder.com/columns/ProPHPSecurity_excerpt_part3.php3?print_mode=1

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
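The thread above argues about what a "your sanity check should go here" comment is worth. As an added illustration (not code from Wolf's post or from anyone on the list), the following shows what that comment has to become before a snippet is safe to copy: the check depends on the field (validation), and the escaping depends on where the value ends up (a SQL query versus an HTML page). The `users` table, its `email` column, and the `$pdo` connection are assumed for the example; the hostile sample string is constructed.

```php
<?php
// Added example, not from the mailing-list post. It replaces the usual
// "sanity check goes here" comment with the three separate steps it stands for.
declare(strict_types=1);

// Step 1: validate the raw input against what this particular field may
// contain. Validation is field-specific; here the field is an e-mail address.
function validEmail(string $raw): ?string
{
    $trimmed = trim($raw);
    if ($trimmed === '' || strlen($trimmed) > 254) {
        return null;
    }
    $email = filter_var($trimmed, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Step 2a: using the value in a query. Hand-built escaping is exactly the
// step that gets dropped when code is copied; a prepared statement binds the
// value separately from the SQL text, so nothing in $email is parsed as SQL.
// The `users` table and the PDO connection are assumptions for this example.
function findUserByEmail(PDO $pdo, string $email): ?array
{
    $stmt = $pdo->prepare('SELECT id, email FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Step 2b: echoing the value into an HTML page. Passing validation does not
// make a string safe for HTML output; the escape is chosen for that context.
function renderEmail(string $email): string
{
    $safe = htmlspecialchars($email, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<p>Signed in as ' . $safe . '</p>';
}

// Demonstration on constructed inputs (no database needed for this part).
$good    = 'bob@example.com';
$hostile = '"><script>alert(1)</script>@example.com'; // constructed sample

var_dump(validEmail($good));    // string "bob@example.com"
var_dump(validEmail($hostile)); // NULL: rejected before it reaches SQL or HTML
echo renderEmail($good), PHP_EOL;

// With a real connection the query step would be:
// $pdo  = new PDO('mysql:host=localhost;dbname=app', 'user', 'pass'); // assumed
// $user = findUserByEmail($pdo, validEmail($_GET['email'] ?? '') ?? '');
```

The point of splitting it this way is that a reader who copies only one function still gets a complete, context-correct step rather than a placeholder comment; there is no single "sanitize" call that covers both the query and the page.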

