On 07/04/12 19:29, Rasmus Lerdorf wrote:
> On 04/07/2012 10:23 AM, Ángel González wrote:
>
>> And I like the idea of providing a function for auto escaping <?= echos.
> Turn on your default input filter and all data that comes from the user
> will automatically be escaped.
>
> -Rasmus

I'm not interested in filtering *input* but *output*.
I'm of the opinion that variables should hold their real values up to the last step before being used in the context which needs escaping (html, sql...).
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
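The two approaches discussed in this message, side by side, as an added example that is not part of the original thread or of PHP's own code. It assumes the `pdo_sqlite` extension is available; the sample value, the `h()` helper and the `customer` table are hypothetical names made up for the illustration.

```php
<?php
// Constructed sample value standing in for a request parameter.
$raw = "O'Reilly & Sons <b>";

// Escape on input: the value is HTML-encoded as soon as it arrives,
// which is what an HTML-escaping default input filter does.
$filtered = filter_var($raw, FILTER_SANITIZE_FULL_SPECIAL_CHARS);

// Escape on output: the variable keeps its real value and each
// context applies its own encoding at the point of use.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$db = new PDO('sqlite::memory:'); // assumption: pdo_sqlite is installed
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customer (source TEXT, name TEXT)');

// SQL context: bound parameters, no string escaping involved.
$ins = $db->prepare('INSERT INTO customer (source, name) VALUES (?, ?)');
$ins->execute(['real value', $raw]);
$ins->execute(['input-filtered', $filtered]);

// Looking up the real name only finds the row stored unmodified;
// the input-filtered row holds HTML entities, not the name.
$q = $db->prepare('SELECT source FROM customer WHERE name = ?');
$q->execute([$raw]);
echo 'rows matching the real name: ',
    implode(', ', $q->fetchAll(PDO::FETCH_COLUMN)), "\n";

// Non-HTML uses (length limits, comparisons, logs) see the wrong data.
echo 'byte length real/filtered: ',
    strlen($raw), '/', strlen($filtered), "\n";

// HTML context: a template that escapes at output encodes the real
// value once, but encodes the input-filtered value a second time.
echo 'real value in HTML:     ', h($raw), "\n";
echo 'filtered value in HTML: ', h($filtered), "\n";
```

Run it with the PHP CLI; the last two lines show the single-encoded and double-encoded forms a browser would receive.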