
XSS Preparedness & a Friendly Programmer’s Advice

PHP Input Validation Flaw in Certain Error Pages, as reported on Security Tracker dotCom, and other such news always raise my ears because I have been the victim of Cross Site Scripting myself. I have also been the victim of other hacks related to my own lack of security precautions, so I tend to review alerts such as this to investigate whether I might be subject to this vulnerability myself.

If I’m seeking advice or answers to Security issues or otherwise, one of my favorite reference points when it comes to learning about PHP is PHPBuilder.com. The reason I feel this way is in no small part due to the fact that, in my estimation, > 90% of its more advanced users provide help in a very friendly manner to those who seek it. These more advanced, helpful users seem to have honed their skills rather well when it comes to their offering of a preferred balance of guidance, disclosure, or when appropriate, recommendation that the user seeking help simply go back and read the manual! I don’t recall ever having felt insulted, or that I was treated without fairness. So, in turn, I have become a frequent visitor of PHPBuilder.com — and the icing on the cake is that the advice and guidance received there isn’t just hot air being blown around, but it’s good, honest advice from experienced, knowledgeable users. Well, that’s my two ¢.

So, considering my obligatory disclosure, I hope you take a moment to read over the advice given by user “L” on the subject of how to prepare code to be Cross Site Scripting Safe.

Whatchu do

