Snitz Forums 2000
 Variables in inc_subscription.asp not "sanitised"


Topic Review
Shaggy Posted - 08 November 2006 : 11:39:08
Just been having a look at inc_subscription.asp and noticed that there's not one, single occurrence of chkString in the file. Now, I know it's not strictly necessary to sanitise a string that was already sanitised when it was inserted into the database but, for the sake of consistency and added security, shouldn't the chkString function (and clng) be used in that file anyway?

1 Latest Replies (Newest First)
HuwR Posted - 08 November 2006 : 15:10:54
If, like you stated, they have already been sanitised and inc_subscription is extracting them from the db, then no; you only need to sanitise form variables that users have input. Since inc_subscription contains only functions which should have the passed variables sanitised before passing them, and there is no other user input, then it is totally unnecessary, and a waste of time and code.
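An added example, not part of either post and not Snitz code: it shows what happens to a value that was escaped at insert time once it is read back from the database and concatenated into a second statement, next to the same write done with bound parameters. The `escape_quotes` helper is a hypothetical stand-in for an insert-time sanitiser (assumed here to double single quotes), the tables and the sample name are constructed, and SQLite stands in for the forum's database.

```python
import sqlite3

def escape_quotes(value: str) -> str:
    """Hypothetical insert-time sanitiser: doubles single quotes."""
    return value.replace("'", "''")

def build_db(member_name: str) -> sqlite3.Connection:
    """Create constructed tables and store one member via the escaped insert path."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("CREATE TABLE subscriptions (member_name TEXT, topic_id INTEGER)")
    conn.execute(
        "INSERT INTO members (name) VALUES ('" + escape_quotes(member_name) + "')"
    )
    return conn

def stored_name(conn: sqlite3.Connection) -> str:
    """The database returns the original value; the escaping is not stored."""
    return conn.execute("SELECT name FROM members WHERE id = 1").fetchone()[0]

def subscribe_concat(conn: sqlite3.Connection, topic_id: int) -> bool:
    """Reuse the stored value in concatenated SQL without escaping it again."""
    name = stored_name(conn)
    sql = ("INSERT INTO subscriptions VALUES ('" + name + "', "
           + str(int(topic_id)) + ")")
    try:
        conn.execute(sql)
        return True
    except sqlite3.Error:
        # The raw apostrophe closes the string literal early.
        return False

def subscribe_param(conn: sqlite3.Connection, topic_id: int) -> bool:
    """Same write with bound parameters: no escaping step to forget."""
    name = stored_name(conn)
    conn.execute("INSERT INTO subscriptions VALUES (?, ?)", (name, int(topic_id)))
    return True

if __name__ == "__main__":
    db = build_db("O'Brien")  # constructed sample value
    print("stored value:", stored_name(db))
    print("concatenated reuse succeeded:", subscribe_concat(db, 42))
    print("parameterised reuse succeeded:", subscribe_param(db, 42))
```
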

Snitz Forums 2000 © 2000-2021 Snitz™ Communications
Powered By: Snitz Forums 2000 Version 3.4.07