Jay Blanchard wrote:
[snip]
In the spirit of improving the mailing list, I'd like to suggest that
we, as a group, attempt to not provide answers with Bad Practices, or
at least always to point out that the Sample is Bad Practice for
production sites?

For example, an answer to a question about <?php echo $foo?> where it
is clear that register_globals is "off" should either specifically
sanitize the data, or make reference to the need to sanitize the data,
or link to http://phpsec.org or something along those lines.

Otherwise, we merely perpetuate the problems of Bad Code with our
answers to newbies, who then run off and write insecure sites and
cause us more grief down the road.

Hmmm.  Maybe this should be part of a Netiquette document "How to give
good answers" right next to that "How to ask good questions" document
:-^
[/snip]

I vote for that. I need to find that doc... Curt Z had it on a site.

Here is the link for the improved newbie doc:
http://zirzow.dyndns.org/php-general/NEWBIE

--

life is a game... so have fun.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
