[Phpmyadmin-devel] Re: globals
Garvin Hicking
phpmyadmin at supergarv.de
Thu Dec 8 12:12:02 CET 2005
Hi!
>> I'm +1 for sanitizing all output depending on whether HTML is allowed or not.
>> However I admit I haven't looked at the current code for ages. :(
>
> You can not do any sanitizing on data inserted to MySQL - field values,
> SQL commands etc. ... And that's most of data we handle ;-).
I was speaking of the output of strings, not the "input". When we display the
SQL commands to the user, we should be able to apply htmlspecialchars, right?!
[In this case I think we're doing it already, but as I understood Marc, he
wanted to make sure that we always do that]
Regards,
Garvin
--
++ Garvin Hicking | Web-Entwickler [PHP] | www.garv.in | ICQ 21392242
++ Developer of | www.phpMyAdmin.net | www.s9y.org
++ Make me happy | http://wishes.garv.in
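The distinction Garvin draws above (leave the stored SQL and field values untouched, escape only when rendering them as HTML) is the one shown below. This is an added example written for this page, not phpMyAdmin's own code; the helper name `html_escape` and the sample query are assumptions made for illustration.

```php
<?php
// Added example (not phpMyAdmin code): escape SQL text at output time only.
// The SQL itself is stored and sent to MySQL unchanged; only its HTML
// rendering passes through htmlspecialchars.

// Constructed sample: a query a user might have typed, or one read back from
// a table. It deliberately contains characters that are meaningful in HTML.
$sql = "SELECT * FROM `users` WHERE note = '<script>alert(\"x\")</script>' AND a < b";

/**
 * Render a string for use as HTML element content or inside a quoted attribute.
 * ENT_QUOTES escapes both " and ' so the same helper is safe in both contexts;
 * ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead of returning an
 * empty string; the explicit charset avoids mis-escaping multibyte input.
 */
function html_escape(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Unsafe rendering: the browser would execute the embedded <script> element.
$unsafe = "<pre>" . $sql . "</pre>";

// Safe rendering: the same SQL is shown verbatim as text, not parsed as markup.
$safe = "<pre>" . html_escape($sql) . "</pre>";

echo $unsafe, "\n";
echo $safe, "\n";

// The same rule applies to an attribute value, e.g. pre-filling the SQL box
// on a form so the user can edit and re-run the query.
echo '<textarea name="sql_query">' . html_escape($sql) . '</textarea>', "\n";

// What goes to the database is $sql itself, never html_escape($sql); escaping
// is a property of the output channel, not of the stored data. (Not executed
// here: mysqli_query($link, $sql);)
```

htmlspecialchars is the right tool only for HTML element content and quoted attribute values; a value placed into a JavaScript string, a URL, or an unquoted attribute needs escaping for that context instead.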