[nycphp-talk] Best practice for escaping data
Chris Shiflett
shiflett at php.net
Thu Feb 15 19:57:03 EST 2007
Randal Rust wrote:
> That function basically is supposed to only allow the
> characters that are included in the regex. The more and
> more I look at it, the more and more I realize that it's
> just been bad from the start.
I'm wondering if you use it for completely free-form data, where you
don't have any particular rules that you can enforce. You mentioned
other functions for specific types of input.
Chris
--
Chris Shiflett
http://shiflett.org/