Danesh Daroui wrote: > 5. Again back to your example, yes, the PayPal web site offers you to > choose the data by using a combo box and not inserting it manually. So > the date which is sent to the database is definitely correct before > inserting. This is one of the most pathetic things I've ever heard. Browser-side data validation (be it with a combo box or JavaScrpit or whatever) is an absolute no-no because the browser can send back anything it damn well pleases. Data sent back from browsers must, under all circumstances, be considered "dirty". D.
Description: OpenPGP digital signature