php - Do I need to sanitize POST data when writing to a text file?
I have POST input that I am performing MySQL queries with.
I am sanitizing the POST thoroughly before using it in database queries... no problem there.
Now I think I want to start logging in a text file what users are putting in the input field ... to improve my sense of what users are looking for. Writing to the txt file... got that covered.. no issues.
My question is... can I safely utilize the raw (pre-sanitized) POST data as a string when writing to the text file? I want to see if there is any funny business being posted there to test the site defenses... injection attempts, etc etc etc. I assume it is fine when writing to a text file ... or am I wrong, and is it bad practice?
This won't be indefinite data gathering on the input field, just a bit to see what customers are looking for.
Yes :-)
Just a little advice: save the file outside the webroot, so nobody can read it via the web.
php security fopen
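An added example, not part of the original question or answer: one way to log the raw value as the answer suggests, assuming a log path outside the webroot and a form field named `q` (both hypothetical). It goes slightly beyond the answer by writing each entry as one JSON line, so newlines in submitted text cannot forge extra log entries.

```php
<?php
declare(strict_types=1);

// Assumed location: a directory the web server does not serve (outside the webroot).
const SEARCH_LOG = '/var/log/myapp/search-input.log';

/**
 * Build one log line from raw input. JSON encoding escapes CR/LF and other
 * control characters, so a submitted value cannot start a forged second entry.
 */
function format_log_entry(string $raw, string $remoteAddr, int $maxBytes = 2048): string
{
    // Cap the stored size so one request cannot bloat the log.
    $truncated = strlen($raw) > $maxBytes;
    $entry = [
        'time'      => gmdate('Y-m-d\TH:i:s\Z'),
        'ip'        => $remoteAddr,
        'truncated' => $truncated,
        'input'     => $truncated ? substr($raw, 0, $maxBytes) : $raw,
    ];
    // Invalid UTF-8 (including a multibyte character cut by substr) is
    // substituted instead of making json_encode() fail.
    return json_encode($entry, JSON_INVALID_UTF8_SUBSTITUTE | JSON_UNESCAPED_SLASHES) . "\n";
}

function log_raw_input(string $raw, string $remoteAddr, string $path = SEARCH_LOG): bool
{
    $line = format_log_entry($raw, $remoteAddr);
    // FILE_APPEND | LOCK_EX keeps concurrent requests from interleaving lines.
    return file_put_contents($path, $line, FILE_APPEND | LOCK_EX) !== false;
}

// Usage in the form handler ('q' is a hypothetical field name).
// The value is logged raw; sanitizing for the database happens separately.
if (isset($_POST['q']) && is_string($_POST['q'])) {
    log_raw_input($_POST['q'], $_SERVER['REMOTE_ADDR'] ?? 'unknown');
}

// Constructed sample: the embedded newline stays inside one JSON string.
// echo format_log_entry("shoes\n2024-01-01 admin login OK", '203.0.113.7');
```

If the log is later shown in a web page, escape each value at output time with `htmlspecialchars()`.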