[Phpmyadmin-devel] Re: globals
michal at cihar.com
Thu Dec 8 11:57:10 CET 2005
On Thu, 8 Dec 2005 20:44:43 +0100 (CET)
"Garvin Hicking" <phpmyadmin at supergarv.de> wrote:
> > - sanitize individually what can be echoed (like $message) with
> > PMA_sanitize(), for XSS protection. Any need to sanitize something else?
> I'm +1 for sanitizing all output depending on whether HTML is allowed or not.
> However I admit I haven't looked at the current code for ages. :(
You cannot do any sanitizing on data inserted into MySQL - field values,
SQL commands, etc. ... And that's most of the data we handle ;-).
Michal Čihař | http://cihar.com
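The distinction the two posters are circling, as an added illustration that is not phpMyAdmin's own code: values bound for MySQL are stored untouched (a prepared statement keeps them byte-for-byte and removes the SQL injection risk), while anything echoed into a page is escaped at the output boundary, either fully or with a small tag whitelist. The helper sanitize_for_html() is a hypothetical stand-in for the role the thread assigns to PMA_sanitize(); the in-memory SQLite database is an assumption used so the script runs without a MySQL server.

```php
<?php
// Added example, not phpMyAdmin code. Shows "do not touch data that goes to
// MySQL" side by side with "escape anything that is echoed as HTML".

// Hypothetical helper standing in for PMA_sanitize(): escape for HTML output,
// optionally re-enabling a fixed set of harmless tags.
function sanitize_for_html(string $text, bool $allow_html = false): string
{
    // ENT_QUOTES escapes both quote kinds so the value is safe in attributes too.
    $escaped = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    if (!$allow_html) {
        return $escaped;
    }
    // Everything is escaped first; only whitelisted tags are restored, so
    // <script>, event handlers and attributes never survive.
    $allowed = ['b', 'i', 'em', 'strong', 'code'];
    foreach ($allowed as $tag) {
        $escaped = str_replace(
            ["&lt;{$tag}&gt;", "&lt;/{$tag}&gt;"],
            ["<{$tag}>", "</{$tag}>"],
            $escaped
        );
    }
    return $escaped;
}

// Constructed sample: a field value exactly as a user might have typed it.
$fieldValue = "O'Reilly <script>alert(1)</script> <b>bold</b>";

// 1. Storing: no HTML sanitizing at all. The bound parameter reaches the
//    database unchanged and cannot break out of the SQL statement.
$pdo = new PDO('sqlite::memory:');   // assumption: SQLite stands in for MySQL
$pdo->exec('CREATE TABLE t (id INTEGER PRIMARY KEY, v TEXT)');
$stmt = $pdo->prepare('INSERT INTO t (v) VALUES (:v)');
$stmt->execute([':v' => $fieldValue]);

// 2. Reading back: what was stored is what was typed.
$stored = $pdo->query('SELECT v FROM t')->fetchColumn();
if ($stored !== $fieldValue) {
    throw new RuntimeException('stored value was altered');
}

// 3. Echoing: escape only at the output boundary, per value.
echo '<td>' . sanitize_for_html($stored) . "</td>\n";

// A message where limited HTML is wanted keeps <b> but still neutralizes <script>.
echo '<p>' . sanitize_for_html($stored, true) . "</p>\n";
```

The tag whitelist is deliberately attribute-free: restoring only the bare opening and closing forms of a few tags means any attribute or unlisted element stays escaped, which is the property an "HTML allowed" message output needs.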