08-07-2008, 23:15   #23
Hunch
Grumpy old man
 
 
Join Date: Oct 2007
Location: North Japan
Posts: 2,407
Ok, since you disagree, answer me a question:

I have a form which asks you to enter your name. It does nothing more than chuck your name into a database using a mysqli/prepared statement, so that next time you come to the site, it can check for a cookie and greet you personally "Welcome back Hobolooter" style.

What needs to be validated by PHP?

Note: checking whether or not it's a valid name isn't an answer, because the discussion is about looking at this from a security perspective. I might decide I want to be called |-|µ|\|(|-| - is that a problem?

Edit reason: noticed a grammatical error.

Last edited by Hunch : 10-07-2008 at 01:09.