[thelist] Form Security

DAVOUD TOHIDY dtohidy at hotmail.com
Tue Jul 20 08:27:18 CDT 2010




> From: Ken at adOpenStatic.com
> Date: Tue, 20 Jul 2010 05:59:54 +0000
> What happens when a user needs to enter a slash? My address is, say: 6/10 xyz street
> If you have a specific reason to alter data (e.g. to massage it into a specific format) then by all means do so. But that has nothing to do with security - that's a general business requirement.
> There's no general need to remove slashes, or <script> or "DROP TABLE" or ' from user supplied data from a security perspectives. Just use the widely available techniques/technologies available (parametised queries, HTMLEncode()) and you can also preserve the fidelity of user data.

I appreciate you and everybody who contributed to this. However I believe I would go with my original code that I posted. What I am interested in is receiving only the Alphabetical text without anything extra from the user.

I am in the process of development and when I test the site I will be back with more questions if there is any.

Cheers
davoud





 		 	   		  
_________________________________________________________________
MSN Dating: Find someone special. Start now.
http://go.microsoft.com/?linkid=9734384


More information about the thelist mailing list