If you use properly escaped input or prepared statements, that should take care of it... For XSS you also need to escape the output (in the appropriate way, depending on whether it goes into HTML, into an attribute, or possibly a URL), and then you can sleep relatively soundly...
__________________
Leadership is the art of getting people to want to do what you know must be done.
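A worked illustration of the two points in the post above, as an added example that is not code from the poster: a parameterized lookup with Python's sqlite3 module (the driver binds the value, so it is never parsed as SQL), and output escaping chosen per context (HTML text, quoted attribute, URL query component). The users table, column names and sample usernames are constructed for the demo.

```python
import html
import sqlite3
from urllib.parse import quote


def build_demo_db():
    # Constructed in-memory table so the example runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)")
    conn.executemany("INSERT INTO users (username) VALUES (?)",
                     [("alice",), ("O'Brien",)])
    return conn


def find_user(conn, username):
    # Prepared statement: '?' is a bind parameter, the apostrophe in
    # "O'Brien" is data, and injection-shaped text simply matches nothing.
    cur = conn.execute("SELECT id, username FROM users WHERE username = ?",
                       (username,))
    return cur.fetchall()


def escape_html_text(value):
    # Context 1: text between tags. Angle brackets and '&' must be encoded.
    return html.escape(value, quote=False)


def escape_html_attr(value):
    # Context 2: inside a double-quoted attribute. Quotes must be encoded
    # too, otherwise the value could terminate the attribute.
    return html.escape(value, quote=True)


def escape_url_component(value):
    # Context 3: a URL query component. Percent-encode everything that is
    # not an unreserved character (safe="" also encodes '/').
    return quote(value, safe="")


def render_profile_link(username):
    # The same user-controlled value lands in three contexts, so it gets
    # three different encoders; HTML escaping alone is not enough for the URL.
    return '<a href="/profile?u={}" title="{}">{}</a>'.format(
        escape_url_component(username),
        escape_html_attr(username),
        escape_html_text(username),
    )
```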