Posted by Sanders Kaufman on 10/29/07 17:32
"Bill H" <someone@somedomain.com> wrote in message
news:S8WdnU0gzc8afLnanZ2dnUVZ_u-unZ2d@comcast.com...
> Jerry:
>
> I'm not sure I understand the responses. It appears:
>
> 1) the script is safe because no user input is used in the header.
> 2) the script is safe because no user data is passed into the script or
> database,
> 3) javascript shouldn't be used as an error trapping technique, although
> it is safe
>
> I don't validate the user input because I don't really care if the input
> is valid or not; almost everyone who uses the page gives good information
> since they're asking us for something.
You *may* be right about this last one - but being on the web means that
you'll be getting OTHER visitors as well.
It's likely not your regular, casual, friendly customers from whom you need
to protect yourself.
>
> So, the script is safe but it would be wise to hire someone to build a
> better script with proper error handling. Is this about correct?