bruce wrote:
but what do you mean by "...escape output!!"
Output is data that you send somewhere else. In other words, if it leaves your application, it is output.
This is explained a bit further (with some code) near the start of this talk:
http://brainbulb.com/talks/php-security-audit-howto.pdf Hope that helps. Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
