No matter how foolproof you make it, the fools keep getting smarter.

Chuck

[EMAIL PROTECTED] wrote:

Dan Anderson wrote:
>
> He is right. Although I am new to Perl, I have had some very dumb users
> break my PHP scripts by inputting things like "eighteen dollars and 0
> cents" in a form with an explicit $ sign in front.


Sometimes "dumb users" can be quite creative:

<a href="http://sitefinder.verisign.com/lpc?url='%3E%3Cimg%20src=http://www.patrick.fm/boobies/boobies.php?text=VeriSign%3E">I Love VeriSign</a> (Link might contain nudity. Yes, I know it's a plain text message.)

Conclusion: *never* assume you know what the user's input looks like. Otherwise "dumb users" can make the webmasters look dumb, like with this example.
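
Both cases in this thread come from trusting the shape of user input. As an added illustration (not code from either poster), the Perl sketch below validates a dollar amount against an allowlist pattern and HTML-escapes a reflected query value before output. The function names, the `<input>` markup and all sample values are assumptions constructed for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Escape the five characters that can change HTML structure, so reflected
# input is rendered as text in element content or a quoted attribute.
sub escape_html {
    my ($text) = @_;
    my %entity = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
                  '"' => '&quot;', "'" => '&#39;');
    $text =~ s/([&<>"'])/$entity{$1}/g;
    return $text;
}

# Allowlist validation for a dollar-amount form field: an optional "$",
# digits, and an optional two-digit cents part. Returns the amount in
# cents, or undef for anything else (the form should then re-prompt).
sub parse_dollars {
    my ($input) = @_;
    return unless defined $input;
    return unless $input =~ /\A\s*\$?(\d{1,9})(?:\.(\d{2}))?\s*\z/;
    return $1 * 100 + (defined $2 ? $2 : 0);
}

# Constructed sample inputs, including the one quoted in the thread.
my @amounts = ('$18.00', '18', 'eighteen dollars and 0 cents',
               '$$18', "18.5\n");
for my $raw (@amounts) {
    my $cents = parse_dollars($raw);
    (my $shown = $raw) =~ s/\n/\\n/g;    # make the newline visible
    printf "%-32s => %s\n", "'$shown'",
        defined $cents ? "$cents cents" : 'rejected';
}

# Constructed query value with the same shape as the link in the message:
# a quote and ">" to leave the attribute, followed by a new tag.
my $url = q{'><img src=http://example.invalid/x.png>};

# Hypothetical page markup. Unescaped, the value closes the attribute
# and adds its own element to the page.
my $unsafe = "<input name='url' value='$url'>";
# Escaped on output, the same bytes stay inside the attribute as text.
my $safe = sprintf "<input name='url' value='%s'>", escape_html($url);

print "unescaped: $unsafe\n";
print "escaped:   $safe\n";
```

Escaping is applied at output time, in the context where the value is written; validation at input time only decides whether the value is acceptable for its field.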


