[Phpmyadmin-devel] Re: globals
Michal Čihař
michal at cihar.com
Thu Dec 8 11:57:10 CET 2005
On Thu, 8 Dec 2005 20:44:43 +0100 (CET)
"Garvin Hicking" <phpmyadmin at supergarv.de> wrote:
>
> > - sanitize individually what can be echoed (like $message) with
> > PMA_sanitize(), for XSS protection. Any need to sanitize something else?
>
> I'm +1 for sanitizing all output depending on whether HTML is allowed or not.
> However I admit I haven't looked at the current code for ages. :(
You cannot do any sanitizing on data inserted into MySQL - field values,
SQL commands etc. ... And that's most of the data we handle ;-).
--
Michal Čihař | http://cihar.com
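Michal's point, as an added example that is not phpMyAdmin code: data bound for the database (field values, SQL text the user typed) must arrive and round-trip unchanged, while HTML escaping is applied only at the moment a message is echoed. sqlite3 stands in for MySQL and `html.escape` stands in for an output-side sanitizer; the function names and sample values are constructed for the illustration.

```python
"""Sanitize at output, never on data bound for MySQL (added example)."""
import html
import sqlite3

# Constructed samples: a field value and a user-typed SQL command, both of which
# legitimately contain characters that are only dangerous in an HTML context.
FIELD_VALUE = "5 < 6 && <b>bold</b>"
SQL_COMMAND = "SELECT name FROM t WHERE price < 10 AND note <> ''"


def sanitize_on_input(value: str) -> str:
    """The approach the thread argues against: mangling data before storage."""
    return html.escape(value, quote=True)


def store_and_reload(value: str) -> str:
    """Parameterised insert: the raw value goes in and comes back unchanged.

    sqlite3 is a stand-in for MySQL; the driver binds the value as data, so no
    escaping of the content itself is needed or wanted.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE t (v TEXT)")
    conn.execute("INSERT INTO t (v) VALUES (?)", (value,))
    (row,) = conn.execute("SELECT v FROM t").fetchone()
    conn.close()
    return row


def render_html(message: str) -> str:
    """Output-context escaping, done only where the value is echoed into a page."""
    return '<div class="message">' + html.escape(message, quote=True) + "</div>"


def demo() -> dict:
    """Compare the two approaches on the constructed samples."""
    stored = store_and_reload(FIELD_VALUE)
    mangled = store_and_reload(sanitize_on_input(FIELD_VALUE))
    return {
        # Escaping at output leaves the stored value byte-for-byte intact.
        "stored_intact": stored == FIELD_VALUE,
        # Escaping at input silently changes what the user asked to store.
        "input_sanitize_corrupts": mangled != FIELD_VALUE,
        # SQL text containing '<' and '<>' also survives untouched.
        "sql_roundtrips": store_and_reload(SQL_COMMAND) == SQL_COMMAND,
        # The echoed message contains no live tag from the stored value.
        "html_is_safe": "<b>" not in render_html(stored),
    }
```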