Shaggy
Support Moderator
Ireland
6780 Posts
Posted - 08 November 2006 : 11:39:08
Just been having a look at inc_subscription.asp and noticed that there's not one single occurrence of chkString in the file. Now, I know it's not strictly necessary to sanitise a string that was already sanitised when it was inserted into the database but, for the sake of consistency and added security, shouldn't the chkString function (and clng) be used in that file anyway?
Search is your friend “I was having a mildly paranoid day, mostly due to the fact that the mad priest lady from over the river had taken to nailing weasels to my front door again.”
Edited by - Davio on 06 January 2008 15:39:58
|
HuwR
Forum Admin
United Kingdom
20584 Posts
Posted - 08 November 2006 : 15:10:54
If, like you stated, they have already been sanitised and inc_subscription is extracting them from the db, then no; you only need to sanitise form variables that users have input. Since inc_subscription contains only functions which should have the passed variables sanitised before passing them, and there is no other user input, it is totally unnecessary, and a waste of time and code.