Posted by Sanders Kaufman on 10/29/07 17:32

"Bill H" <someone@somedomain.com> wrote in message
news:S8WdnU0gzc8afLnanZ2dnUVZ_u-unZ2d@comcast.com...
> Jerry:
>
> I'm not sure I understand the responses. It appears:
>
> 1) the script is safe because no user input is used in the header.
> 2) the script is safe because no user data is passed into the script or
> database,
> 3) javascript shouldn't be used as an error trapping technique, although
> it is safe
>
> I don't validate the user input because I don't really care if the input
> is valid or not; almost everyone who use the page gives good information
> since they're asking us for something.


You're *may* right about this last one - but being on the web means that
you'll be getting OTHER visitiors as well.
It's likely not your regular, casualy, friendly customers from whom you need
to protect yourself.




>
> So, the script is safe but it would be wise to hire someone to build a
> better script with proper error handling. Is this about correct?

• Next in forum: Re: About Resource id's
• Prev in forum: Re: Best solution to tedious form validation?
• Thread view: Re: Securing an Email script

[Reply to this message]