FUDforum

Home » Imported messages » comp.lang.php » Good code or bad code?
Re: Good code or bad code? [message #170205 is a reply to message #170201] Mon, 18 October 2010 06:09
Hamish Campbell
Messages: 15
Registered: September 2010
Junior Member
On Oct 18, 12:58 pm, Thomas 'PointedEars' Lahn <PointedE...@web.de>
wrote:
>> You must ALWAYS use htmlspecialchars, when the user interaction can
>> alter anything you will print in the output.
>
> Not when, iff.  In the case of $_SERVER['SCRIPT_NAME'], user interaction
> cannot alter anything.  That is my point that you are still missing.

Always filter untrusted content for output. Untrusted is anything you
have not set yourself or that has not been demonstrably cleaned for output.
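One way to put the rule above into practice, as an added example that is not code from the thread; the request and server values are constructed stand-ins for $_GET and $_SERVER['SCRIPT_NAME']:

```php
<?php
declare(strict_types=1);

// Single escaping helper used for every value that reaches HTML, whether it
// came from the request or from a server variable. ENT_QUOTES also escapes
// single quotes (needed inside single-quoted attributes); ENT_SUBSTITUTE
// replaces invalid UTF-8 with U+FFFD instead of discarding the whole string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample values (not real request data).
$query      = 'say "hi" & \'bye\' <b>';   // stands in for $_GET['q']
$scriptName = '/app/index.php';            // stands in for $_SERVER['SCRIPT_NAME']

// Escaping the script name costs nothing when it is clean, and the helper is
// the one place where the output-encoding rule lives, so nothing is skipped.
$html = '<form action="' . e($scriptName) . '" method="get">'
      . '<input name="q" value="' . e($query) . '">'
      . '</form>';
echo $html, PHP_EOL;

// Failure mode worth knowing: without ENT_SUBSTITUTE, an invalid byte sequence
// makes htmlspecialchars() return an empty string, silently dropping output.
$bad = "caf\xE9";  // constructed: a Latin-1 byte that is not valid UTF-8
var_dump(htmlspecialchars($bad, ENT_QUOTES, 'UTF-8') === '');  // bool(true)
var_dump(e($bad) !== '');                                      // bool(true)
```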