On 23 Mar 2004 Michael Rasmussen wrote: > The idea is exactly not to do any queries dynamically generated based on > user input! In the rare cases where this is needed you should not > allow any unparsed input.
There are some applications for which queries based on typed user input are rare. But there are others for which those queries are the basis of the whole application! Almost any kind of site where users are creating accounts and other data records (or their equivalents) will be like this, and that's a very common kind of web application. I agree that in these cases the input should be validated, I think that was the original topic of the thread. But I don't think you can call this "rare" as a general rule. -- Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
