[nycphp-talk] Managing form data with PHP
David Mintz
david at davidmintz.org
Thu Dec 13 12:53:00 EST 2007
Once upon a time someone said it was a security risk to echo back $_POST
data unconditionally, even if you escape it, and even though you are only
showing them the very thing they just submitted to you. But I forget what
that risk was. Maybe I misremember.
I suppose if someone were to submit a string the length of War and Peace, it
would squander bandwidth if you sent it back without truncating, but is that
a true security risk?
--
David Mintz
http://davidmintz.org/
The subtle source is clear and bright
The tributary streams flow through the darkness
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20071213/81f61e83/attachment.html>
More information about the talk
mailing list