PHP - security etc
Eric Wilhelm
scratchcomputing at gmail.com
Thu Mar 8 21:21:22 GMT 2007
# from Aaron Trevena
# on Thursday 08 March 2007 12:10 pm:
>Actually, I think Paul's argument is a straw man, escaping is to do
>with handling formats of data, so that it is displayed correctly - XSS,
>etc should be prevented at the point of entry, not at the last minute
>before being displayed to the user when generating templated output.
No, silly. It's supposed to be done with a Hungarian Notation
source-filter!
http://www.joelonsoftware.com/articles/Wrong.html
I think he's saying we should do this:
my u$foo = user_supplied_value('foo');
print u$foo;
Sure makes it look wrong to me :-D
--Eric
--
perl -e 'srand; print join(" ",sort({rand() < 0.5}
qw(sometimes it is important to be consistent)));'
---------------------------------------------------
http://scratchcomputing.com
---------------------------------------------------
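For anyone who wants to see the idea from Joel's article written out in real Perl rather than the joke syntax above, here is an added example (mine, not from the thread or from Joel's article): the `us_`/`s_` prefixes, the `s_from_us()` encoder and the `us_user_supplied_value()` stand-in for reading a request parameter are all names assumed for this illustration.

```perl
#!/usr/bin/env perl
# Added example, not from the thread: "apps Hungarian" for XSS in Perl.
# Convention assumed here: $us_* holds an unsafe (user-supplied) string,
# $s_* holds a string already HTML-encoded for output. Only s_from_us()
# crosses from one to the other, so "print $us_name" looks wrong on sight.
use strict;
use warnings;

my %entity = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
              '"' => '&quot;', "'" => '&#39;');

# The one sanctioned conversion: unsafe -> safe, by encoding for HTML text.
sub s_from_us {
    my ($us) = @_;
    (my $s = $us) =~ s/([&<>"'])/$entity{$1}/g;
    return $s;
}

# Stand-in for reading a request parameter; the value is constructed here
# so the script runs offline.
sub us_user_supplied_value {
    my ($name) = @_;
    my %fake_query = (name => q{<script>alert("xss")</script>});
    return $fake_query{$name};
}

my $us_name = us_user_supplied_value('name');

# Correct: the 's' on the left matches the 's' that s_from_us() returns.
my $s_name = s_from_us($us_name);
print "<p>Hello, $s_name</p>\n";

# Wrong, and visibly so: a 'us' value is going straight into HTML.
# print "<p>Hello, $us_name</p>\n";
```

Perl's own taint mode (`-T`) enforces a similar unsafe/safe split at runtime, but only for calls such as `system()` and `open()`, not for `print`, so for HTML output the naming convention is what makes the mistake visible.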
More information about the london.pm
mailing list