Nisse Engström wrote:
On Wed, 18 Feb 2009 10:37:53 -0800, "Michael A. Peters" wrote:

http://www.gfx-depot.com/forum/-php-server-php-self-validation-t-1636.html

explains a technique to validate the input as well (don't trust that is clean)

Amazing! Not once did they mention htmlspecialchars().


/Nisse


htmlspecialchars causes problems if you are going to use the data with DOMDocument.

I believe the point was to produce a proper _SERVER['PHP_SELF'] - not a sanitized but still borked version.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to