On 8/7/07, Richard Lynch <[EMAIL PROTECTED]> wrote:
> On Tue, August 7, 2007 5:08 pm, Daniel Brown wrote:
> > It's actually not so much for echo'ing as it is for processing the
> > data in another manner that makes it dangerous not to do some
> > sanitizing and checking.... such as database manipulation.
>
> This is wrong.
>
> Google for "cross site scripting attack" to get some sense of just how
> wrong this is. :-)
>
> --
> Some people have a "gift" link here.
> Know what I want?
> I want you to buy a CD from some indie artist.
> http://cdbaby.com/browse/from/lynch
> Yeah, I get a buck. So?
>
>
Under normal circumstances, Rich, you're exactly right. I know
exactly what XSS is, thanks. However, in the context of this
scenario, my point was valid.
So there! ;-P
--
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107
Hey, PHP-General list.... to give something back to everyone, you guys
can have 50% off every month on hosting plans of $10/mo. or more (list
price) at http://www.pilotpig.net/.
Use the coupon code phpgeneralaug07
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
