Sunday, March 27, 2005

developerWorks : Blogs : phpblog@developerWorks

developerWorks : Blogs : phpblog@developerWorks: " 2005 March 25 05:11 PM

Thou shalt never trust User Input

One of the concepts that are most difficult for new Web developers to fully grasp is just how dangerous it is to trust user input. Just in the last week, there've been around a dozen or so different reports of vulnerabilities found in Web applications – mostly all of them revolve around unchecked user input. Because of PHP’s dominance in the Web application development world, many of the vulnerable applications were ones written in PHP, which hurt PHP’s security track record, even though it’s not the language which is at fault (the same applications, written in any other language, would have suffered from the same vulnerabilities)."
