Escape and sanitize input and output?


Thinking about escaping and sanitizing input and output? Read this:

  • Always sanitize (escape) output, for the context it is written into

If sanitizing happens on output, the stored data stays raw. A bug in the sanitizer is then fixed in one place and the fix applies to everything already stored; nothing in the database has to be rewritten.

  • Sanitize input only where it makes sense:

For example, if sanitizing could make the input invalid for some later use, it is better to store the data raw. And when the same data is rendered in several output formats, sanitizing it once on input is likely to break at least one of them.
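The two points above in working code, as an added example that is not part of the original page: a comment is stored unchanged (parameter binding keeps it out of the SQL text) and is escaped only when rendered, with a different escaper per output context. The in-memory sqlite3 table, the `comments` schema and the sample comment text are all constructed for this example; only the standard library is used.

```python
"""Store input raw, escape on output per destination (added example)."""
import html
import json
import sqlite3
from urllib.parse import quote


def setup() -> sqlite3.Connection:
    # Constructed stand-in for the application's database.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)"
    )
    return conn


def store_comment(conn: sqlite3.Connection, author: str, body: str) -> int:
    """Persist the submitted text exactly as received.

    The values travel as bound parameters, so the SQL statement never has to
    be protected by escaping the data itself.
    """
    cur = conn.execute(
        "INSERT INTO comments (author, body) VALUES (?, ?)", (author, body)
    )
    conn.commit()
    return cur.lastrowid


def load_comment(conn: sqlite3.Connection, comment_id: int) -> dict:
    row = conn.execute(
        "SELECT author, body FROM comments WHERE id = ?", (comment_id,)
    ).fetchone()
    return {"author": row[0], "body": row[1]}


def render_html(comment: dict) -> str:
    # HTML text context: &, <, >, " and ' are escaped so the comment is shown
    # literally instead of being parsed as markup.
    return (
        '<p class="comment"><b>{}</b>: {}</p>'
        .format(html.escape(comment["author"]), html.escape(comment["body"]))
    )


def render_json(comment: dict) -> str:
    # JSON API context: json.dumps applies JSON string escaping (\" and \\);
    # HTML entities here would hand the API consumer corrupted data.
    return json.dumps(comment)


def render_url(comment: dict) -> str:
    # URL query context: percent-encoding, again applied at output time.
    return "/search?q=" + quote(comment["body"], safe="")


def json_if_escaped_on_input(body: str) -> str:
    """Show what the JSON output would carry had the body been HTML-escaped
    on input: the API consumer receives entities that were never typed."""
    return json.dumps({"body": html.escape(body)})
```

Because every record holds the raw text, changing `render_html` (say, to escape an additional character) corrects the HTML for all existing comments at once, which is the "fix the sanitizer without touching the database" point. `json_if_escaped_on_input` is the counter-example: the same data sanitized once on input comes out wrong in the second output format.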