On Mon, 31 Jul 2006 02:34:29 -0700 "AD7six" <[EMAIL PROTECTED]> wrote:
> Why use sanitize at all? Data sent to the DB gets escaped anyway, so
> it's not exactly necessary. I thought the intention of the sanitize
> class was for example, so you could still escape your custom sql
> queries easily.

Well, cleaning potentially dangerous HTML to combat XSS[1] attacks is useful.

[1] http://en.wikipedia.org/wiki/Cross-site_scripting

--
Chris Lamb, Cambridgeshire, UK
[EMAIL PROTECTED]
WWW: www.chris-lamb.co.uk
GPG: 0x634F9A20
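The point of the reply above is that escaping for the database and cleaning HTML for the browser are two different jobs. The following added example (not code from the thread or from CakePHP's Sanitize class) shows why: a stand-in for driver-level SQL quoting leaves a script tag untouched, while HTML escaping at output time neutralises it. The `sql_escape` helper is an assumption modelled on addslashes-style quoting, and the sample comment is constructed.

```python
import html


def sql_escape(value: str) -> str:
    """Stand-in for the escaping a DB layer applies before a query.

    Assumption: addslashes-style quoting of backslashes and quote characters.
    Its only goal is to keep the value inside its SQL string literal; it has
    no notion of HTML, so angle brackets pass straight through.
    """
    return (value.replace("\\", "\\\\")
                 .replace("'", "\\'")
                 .replace('"', '\\"'))


def html_escape(value: str) -> str:
    """Context-specific escaping for placing untrusted text inside HTML."""
    return html.escape(value, quote=True)


# Constructed sample: a comment body a user might submit, not from the thread.
COMMENT = "O'Brien <script>alert(1)</script>"


def contains_script_tag(markup: str) -> bool:
    """True if a literal <script ...> start tag survives in the markup."""
    return "<script" in markup.lower()


def render_unescaped(stored_value: str) -> str:
    """Page fragment built by trusting that DB escaping made the value safe."""
    return f"<p>{stored_value}</p>"


def render_escaped(stored_value: str) -> str:
    """Page fragment that escapes for the HTML context at output time."""
    return f"<p>{html_escape(stored_value)}</p>"


if __name__ == "__main__":
    escaped_for_sql = sql_escape(COMMENT)
    print("SQL-escaped value :", escaped_for_sql)          # quote is backslashed, tag intact
    print("Unescaped render  :", render_unescaped(escaped_for_sql))
    print("HTML-escaped render:", render_escaped(COMMENT))
```

The SQL-escaped value still renders as a live script tag; only the HTML-escaped render is inert, which is the separate concern the reply points at.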