On Fri, December 15, 2006 5:05 pm, Ilia Alshanetsky wrote:
> In theory, you need to consider that many ISPs and users will
> interpret taint mode == secure and enable it causing much grief to
> distributable application writers who need to accommodate every
> environment.

That accommodation consists of:
Filter your input with some kind of reasonable filtering function.

Is that really too much to ask?...

If something as simple as mysql_real_escape_string(), a typecast, or a preg_replace() marks it untainted, it seems to me like you'd have to write some REALLY BAD CODE and distribute it to have a problem.

--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?