Thanks for bringing those up, NBS. As far as I can see,
1) Well, yeah, but in previous things where I've used this, there isn't any escaping in the first place.
2) Ooops. :/ Might as well add that.
3) Hmm, I don't see why. Assuming the script always uses all of $_POST and $_GET (which is usually does), it needs to secure everything in them.
4) Well, that's a very valid point, only currently, there isn't anything in the script which requires this. I do get that this could be an issue in the future, but for now it's okay. xD
It mostly makes sense, though. I use this approach because I hate having to secure variables from forms before using them, because I inevitably end up forgetting about them. xP
|