> [EMAIL PROTECTED] wrote: > > > Isn't that called input validation and something that should be done > > anyways? > > True. But some input validation is a bit aggressive. How many broken > Web forms out there don't permit "+" in an e-mail address? And my > colleague, Dave O'Neill, can tell lots of horror stories about how his > name is mangled by aggressive-but-incorrect SQL-injection > countermeasures. :-( > > Regards, > > David.
It's not only that, try going through several dozen client-developed web forms and adding form validation to ALL of them. Additionally, who's to say that the "kiddie script-writer" will continue to use email addresses in all the form fields (what if they just fill all the fields with "sksdljsdfljsl" and send them repeatedly)? Even if their intentions aren't being met, they are certainly causing headaches, getting clients angry with their ISP/hosting company -- just a nuisance and waste of time I guess. - Chris ------------------------------------------ Chris Gauch Systems Administrator Digicon Communications, Inc. http://www.digiconcommunications.com [EMAIL PROTECTED] _______________________________________________ Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang