+ 3
Never trust user input?
What's going to happen if I do it?
2 Answers
+ 5
SQL injection perhaps... or at the least incorrect/incomplete information.
+ 1
It's very dangerous for different reasons. For example, if there is an input where the user has to write his name, nothing forces him to write his name.
He can write JS, PHP, ... instructions and so get sensitive information, modify variable values, ...
If he has to write a number, check that he entered only a number.
If he has to write a message, don't let the browser execute the instructions that the user could write.
It could be very dangerous if you believe in the user.
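
The checks both answers describe, as an added example that is not part of either answer: an allow-list check for a number field, HTML escaping before a message is displayed, and a parameterized statement so input never becomes part of the SQL text. The function names, the `comments` table, the form fields and the `{text, values}` query shape are assumptions made for illustration.

```javascript
// Added example: server-side handling of three form fields (constructed names).

// Allow-list check: accept only 1-3 ASCII digits, then range-check.
function parseAge(raw) {
  if (typeof raw !== "string" || !/^[0-9]{1,3}$/.test(raw)) return null;
  const n = Number(raw);
  return n <= 150 ? n : null;
}

// Encode the characters that let text break out of an HTML text or
// quoted-attribute context, so the browser displays it instead of running it.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Keep user data out of the SQL text: the statement holds only placeholders,
// and values travel separately. The {text, values} shape is an assumption;
// use whatever parameter binding your database driver provides.
function buildInsert(name, age, message) {
  return {
    text: "INSERT INTO comments (name, age, message) VALUES (?, ?, ?)",
    values: [name, age, message],
  };
}

// Validate, then produce both the query and the HTML for display.
function handleComment(form) {
  const age = parseAge(form.age);
  if (age === null) return { ok: false, error: "age must be a whole number from 0 to 150" };
  if (typeof form.name !== "string" || form.name.length === 0 || form.name.length > 100) {
    return { ok: false, error: "name must be 1 to 100 characters" };
  }
  const message = String(form.message ?? "");
  return {
    ok: true,
    query: buildInsert(form.name, age, message),
    html: `<p><b>${escapeHtml(form.name)}</b>: ${escapeHtml(message)}</p>`,
  };
}

// Constructed sample input: a name and message that are not what the form asked for.
const sample = { name: "Robert'); --", age: "42", message: "<script>alert(1)</script>" };
console.log(handleComment(sample));
console.log(handleComment({ ...sample, age: "42 OR 1=1" }));
```

The name field is length-checked but not restricted by character set, since real names contain apostrophes and non-ASCII letters; safety there comes from the placeholder binding and the output escaping.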