[FX.php List] [OFF] Filemaker Web Security?
Dale Bengston
dbengston at tds.net
Fri Sep 5 19:12:53 MDT 2008
Yes. Besides the malicious use of "sql injections" and such, people
copy text from word files, emails, and just about everywhere else and
paste it in your input fields. (This is a good thing - people
shouldn't have to re-type.) If they have curly quotes, or other high-
ascii stuff, and their document uses different encoding than your
site, weird things can result. Better to catch it and wash the data
before it hits your tables.
Dale
On Sep 5, 2008, at 2:21 PM, Joel Shapiro wrote:
> As to my question "Do people here do that on *all* submittable
> fields?...", the "that" I'd meant was filtering the fields in PHP
> before submission to FM, e.g. using htmlentities(), strip_tags(),
> etc. Do people do *that* on all submittable fields?
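
The washing step discussed in this thread, as an added example that is not code from the posters or from FX.php: it normalises pasted text to UTF-8 and filters it in PHP before the value is handed to FileMaker. The helper name `wash_field()`, the Windows-1252 fallback encoding and the length limit are assumptions of this example.

```php
<?php
// Added example: wash one submitted field before it is sent to FileMaker.
// wash_field() is a hypothetical helper, not part of FX.php.

function wash_field(string $raw, int $maxLen = 1000): string
{
    // Text pasted from Word or e-mail often arrives as Windows-1252 bytes
    // (curly quotes are 0x93/0x94 there). If the bytes are not valid UTF-8,
    // convert them instead of storing mis-encoded characters.
    // Assumption: Windows-1252 is the most likely non-UTF-8 source.
    if (!mb_check_encoding($raw, 'UTF-8')) {
        $raw = mb_convert_encoding($raw, 'UTF-8', 'Windows-1252');
    }

    // Drop control characters, keeping tab, line feed and carriage return.
    $clean = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/u', '', $raw);

    // Remove HTML/PHP tags, as the thread suggests with strip_tags().
    $clean = trim(strip_tags($clean));

    // Enforce a length limit in characters, not bytes.
    return mb_substr($clean, 0, $maxLen, 'UTF-8');
}

// Constructed sample input: Windows-1252 curly quotes, a tag and a NUL byte.
$pasted = "\x93Hello\x94 <b>world</b>\x00";

$washed = wash_field($pasted);

// Value to submit to FileMaker: valid UTF-8, no tags, no control characters.
echo $washed, "\n";

// htmlentities() applied where the value is echoed back into an HTML page;
// doing it at output time is a choice of this example.
echo htmlentities($washed, ENT_QUOTES, 'UTF-8'), "\n";
```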