The data is displayed on the screen, and the user can change it as many times as they want. What do you think now Ash? Mike On Tue, Feb 16, 2010 at 9:29 AM, Ashley Sheridan <ash@xxxxxxxxxxxxxxxxxxxx>wrote: > On Tue, 2010-02-16 at 09:07 -0500, Mike Alaimo wrote: > > Can anyone guide me here? I have the desire to store user entered > data into the session. I am regexing it to be only a-zA-z0-9 and a > space. The data is stored in an object and then serialized before > storing it into the session. Does anyone see any potential security > risks here? > > Thanks, > > Mike > > > > I think you're fine, I can't see any problems. I think most of the time you > have to worry when you're actually doing something with the data, like > inserting it into a file or database, or outputting it to a screen, as these > are the times that injections can take place. > > Thanks, > Ash > http://www.ashleysheridan.co.uk > > >
