You are here: Re: [PHP] Re: Filtering and Escaping (Was: Select and $_POST) « PHP « IT news, forums, messages
Re: [PHP] Re: Filtering and Escaping (Was: Select and $_POST)

Posted by Chris Shiflett on 11/15/05 02:24

GamblerZG wrote:
> > If you had anything other than $_OCLEAN in an echo and friends, then
> > you would know you were screwing up.
>
> Personally, if I pull something info from the database, then I do not
> usually sanitize it. Yes, I know it's less secure, but I'm willing to
> take such (negligible) risk for extra performance. So I sanitize data
> on input only.

Sanitizing is an alias for filtering and has nothing to do with
escaping. One should never be considered a substitute for the other,
although this is a common mistake.

Chris

--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация