|
Posted by "bruce" on 10/11/88 11:27
chris...
i understood the concept of data being output from an application/function.
my question was directed towards trying to understand if you were meaning
that an app should escape all output from the mysql db?? or, were you
referring to data that would go back to the user via a form?
in other words, which 'output' function are/were you referring to.
-bruce
ps. tried to get to the link... it wouldn't come up for me for some
reason...
-----Original Message-----
From: Chris Shiflett [mailto:shiflett@php.net]
Sent: Thursday, September 22, 2005 8:38 PM
To: bedouglas@earthlink.net
Cc: 'Chris W. Parker'; php-general@lists.php.net
Subject: Re: [PHP] basic user/input form questions... more validation!
bruce wrote:
> but what do you mean by "...escape output!!"
Output is data that you send somewhere else. In other words, if it
leaves your application, it is output.
This is explained a bit further (with some code) near the start of this
talk:
http://brainbulb.com/talks/php-security-audit-howto.pdf
Hope that helps.
Chris
--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/
Navigation:
[Reply to this message]
|