Ahhh, so it's ME I need to watch, and not so much the user? Good point. Thanks.
BTW, I am escaping the single ' for MySQL use, for obvious reasons. | [reply] |
I'm honored, merlyn. I've read and read about your terse replies, and now I'm the proud owner of one. But seriously, thanks for the admonition. I haven't been consistent about using placeholders, but I'm becoming a reformed coder. Once I started hanging around the monastery, I knew that if I paid attention to the superiors, my code would grow up.
| [reply] |
___
/\__\ "What is the world coming to?"
\/__/ www.wolispace.com
| [reply] [d/l] |
I have to disagree.
For the integrity of your own server, you are (I believe) correct. But if someone evil submits code that breaks into the browser of whoever is reading the text, that one with the compromised system will not be pleased (s)he used your solution.
So, please strip scripts as a bare minimum. | [reply] |
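
An added illustration of the browser-side concern raised in the post above (not code from any poster in this thread): a small Perl comparison of a naive script-tag stripper with entity-encoding the submitted text when it is displayed. The function names and the sample comments are constructed for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example: function names and sample inputs are constructed.

# Encode the five HTML-significant characters so submitted text is shown
# as text and never parsed as markup by the reader's browser.
my %ENT = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
           '"' => '&quot;', "'" => '&#39;');
sub escape_html {
    my ($text) = @_;
    $text =~ s/([&<>"'])/$ENT{$1}/g;
    return $text;
}

# Naive "strip scripts" filter, shown only for comparison.
sub strip_script_tags {
    my ($text) = @_;
    $text =~ s{<script\b.*?</script\s*>}{}gis;
    return $text;
}

# True if the output still contains something a browser would parse as a tag.
sub has_live_markup { return $_[0] =~ /<[a-z!\/]/i ? 1 : 0 }

# Constructed sample submissions.
my @comments = (
    q{Nice post, thanks!},
    q{<script>alert(1)</script>hello},
    q{<img src="x" onerror="alert(1)">},   # script without a <script> tag
    q{O'Reilly & Sons <3 Perl},            # ordinary text with special characters
);

for my $c (@comments) {
    my $stripped = strip_script_tags($c);
    my $escaped  = escape_html($c);
    printf "input:    %s\n", $c;
    printf "stripped: %s  (live markup: %s)\n",
        $stripped, has_live_markup($stripped) ? 'yes' : 'no';
    printf "escaped:  %s  (live markup: %s)\n\n",
        $escaped, has_live_markup($escaped) ? 'yes' : 'no';
}
```

The third sample passes through the stripper with its event-handler attribute intact, while the escaped form of every sample contains no tag at all; the escaping is applied when the text is written into the page, and the stored text stays as submitted.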