Quote:
|
Originally Posted by mx
To avoid SQL injection etc.
|
Yeah, I got what you were trying to say. I just didn't see the distinction in the same way as you described. There are cases where PHP may not need validation (e.g. prepared statements) or Javascript really should (e.g. untrusted "black box" database connector). My point was just that it's impossible to make such blanket statements about any language. Everything is subject to the context in which its used.