+ 3

Never trust user input?

What's going to happen if I do it?

3rd Feb 2017, 12:14 AM
Isaac Gounton
2 Answers
+ 5
SQL injection perhaps... or at the least incorrect/incomplete information.
3rd Feb 2017, 12:53 AM
jay
+ 1
It's very dangerous for different reasons. For example, if there is an input where the user has to write his name, nothing forces him to write his name. He can write JS, PHP, ... instructions and so get sensitive information, modify variable values, ... If he has to write a number, check if he only entered numbers. If he has to write a message, don't let the browser execute the instructions that the user could write. It could be very dangerous if you trust the user.
5th Jun 2017, 12:56 AM
Apple
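
The three points raised in the answers above (SQL injection, checking that a number really is a number, and not letting the browser execute what the user wrote), shown as an added example that is not part of the original thread. The table, function names and sample inputs are constructed for illustration.

```python
import html
import sqlite3

def make_db():
    # In-memory database with constructed sample rows.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db

def lookup_unsafe(db, name):
    # Trusts the input: the "name" is pasted into the SQL text itself,
    # so quotes inside it change the meaning of the query.
    query = "SELECT name FROM users WHERE name = '%s'" % name
    return [row[0] for row in db.execute(query)]

def lookup_safe(db, name):
    # Bound parameter: the input is only ever treated as a value.
    return [row[0] for row in db.execute(
        "SELECT name FROM users WHERE name = ?", (name,))]

def parse_age(text):
    # Number field: accept ASCII digits only, then enforce a sane range.
    text = text.strip()
    if not (text.isascii() and text.isdigit()) or len(text) > 3:
        raise ValueError("age must be a whole number")
    age = int(text)
    if not 0 <= age <= 150:
        raise ValueError("age out of range")
    return age

def render_message(text):
    # Encode on output so the browser displays markup instead of running it.
    return "<p>" + html.escape(text, quote=True) + "</p>"

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed "name" that is not a name
    print("unsafe:", lookup_unsafe(db, crafted))  # every row comes back
    print("safe:  ", lookup_safe(db, crafted))    # no user has that name
    print(render_message("<script>alert(1)</script>"))
```
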