Posted by Chris Shiflett on 10/12/30 11:27
bruce wrote:
> my question was directed towards trying to understand if you were
> meaning that an app should escape all output from the mysql db?
If you think about that for a moment, I think you'll see that it doesn't
make a lot of sense. Data that you get from a remote source is input,
not output. Data that you send to a remote source is output.
Hope that helps.
Chris
--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/
Navigation:
[Reply to this message]
|