Hi,
If the user inputs a & in a field, then you store it in a database, then
later you output it to a client, you might be in trouble because the
client could think it's the beginning of an entity. In fact, there are a lot
of characters to filter depending on what kind of client you are addressing (\
is a good candidate too!)
Pierre-Yves
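To make the point above concrete, here is an added example (not code from either poster) contrasting the filter Fumitada describes, which handles ' " < and > but not &, with one that escapes & first. The sample inputs are constructed; the helper names are mine.

```python
import html


def escape_partial(s: str) -> str:
    """The filter described in the thread: escapes ' " < > but forgets &."""
    return (s.replace("<", "&lt;")
             .replace(">", "&gt;")
             .replace('"', "&quot;")
             .replace("'", "&#39;"))


def escape_full(s: str) -> str:
    """Escape & first, so the entities produced afterwards are not re-escaped.
    (The standard library's html.escape does the same thing.)"""
    return (s.replace("&", "&amp;")
             .replace("<", "&lt;")
             .replace(">", "&gt;")
             .replace('"', "&quot;")
             .replace("'", "&#39;"))


def round_trips(escaper, s: str) -> bool:
    """True when an entity-decoding client sees exactly what the user typed.
    html.unescape stands in for the browser's entity decoding."""
    return html.unescape(escaper(s)) == s


# Constructed inputs a user might submit through a form.
SAMPLES = [
    "&lt;b&gt;",                     # user literally typed an entity
    "&copy; 2001",                   # a named entity the client knows
    "<script>alert('x')</script>",   # markup that must stay inert
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:32} partial ok={round_trips(escape_partial, s)} "
              f"full ok={round_trips(escape_full, s)}")
    # The partial filter maps two different inputs to the same output,
    # so the server can no longer tell stored "<b>" from stored "&lt;b&gt;".
    print(escape_partial("<b>") == escape_partial("&lt;b&gt;"))
```

The collision in the last line is the practical consequence: once & is left alone, escaping is no longer reversible, and any client or later processing step that decodes entities will turn text the user typed as `&lt;b&gt;` into `<b>`, which is exactly the ambiguity the filter was supposed to remove.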
-----Original Message-----
From: A mailing list for discussion about Sun Microsystem's Java Servlet
API Technology. [mailto:[EMAIL PROTECTED]] On behalf of FU
Sent: Tuesday 24 April 2001 19:21
To: [EMAIL PROTECTED]
Subject: Re: JHacker
Hi Pierre-Yves,
> Do any of you use to input data coming from an HTML form into a database
> without filtering? Very often this data is to be output sooner or later in
> an HTML page. So, forgetting to filter for characters such as ', ", < or &
I filter ', ", < or >, but how come I gotta filter the & character?
What does it cause?
I guess the & character doesn't cause any problem, once I filter ' or ".
Thank you.
Fumitada.
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html