On Wed, Mar 4, 2009 at 6:55 PM, Chris <dmagick@xxxxxxxxx> wrote:
> Eric Butera wrote:
>
>> On Wed, Mar 4, 2009 at 8:18 PM, Chris <dmagick@xxxxxxxxx> wrote:
>>
>>> You only need to escape data coming from a user going in to your
>>> database.
>>>
>>
>> If you put user input into your database and pull it back out, it's
>> still raw user input. Never trust any piece of data ever, whether it
>> comes from a superglobal OR within your app itself.
>>
>
> Isn't that what I said?
>
> --
> Postgresql & php tutorials
> http://www.designmagick.com/
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

Actually no; you said "You only need to escape data coming from a user going in to your database."