[Phpmyadmin-devel] Re: globals

Garvin Hicking phpmyadmin at supergarv.de
Thu Dec 8 12:12:02 CET 2005


>> I'm +1 for sanitizing all output depending on whether HTML is allowed or not.
>>  However I admit I haven't looked at the current code for ages. :(
> You can not do any sanitizing on data inserted to MySQL - field values,
> SQL commands etc. ... And that's most of data we handle ;-).

I was speaking of the output of strings, not the "input". When we display the
SQL commands to the user, we should be able to apply htmlspecialchars, right?!
[In this case I think we're doing it allready, but how I understood Marc, he
wanted to make sure that we always do that]


++ Garvin Hicking | Web-Entwickler [PHP]    | www.garv.in | ICQ 21392242
++ Developer of   | www.phpMyAdmin.net      | www.s9y.org

++ Make me happy  | http://wishes.garv.in

More information about the Developers mailing list