Filter user input before the database or upon display?
Given a web application where user data must be properly escaped to avoid XSS, is it better to try to remove the “bad stuff” before it enters the database, or is it best to allow it in the database but be careful about escaping output when…