GamblerZG wrote:
> If you had anything other than $_OCLEAN in an echo and friends, then
> you would know you were screwing up.
Personally, if I pull something info from the database, then I do not
usually sanitize it. Yes, I know it's less secure, but I'm willing to
take such (negligible) risk for extra performance. So I sanitize data
on input only.
Sanitizing is an alias for filtering and has nothing to do with
escaping. One should never be considered a substitute for the other,
although this is a common mistake.
Chris
--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
