The number one rule in programming is not to trust external data, especially not user data. One of the reasons not to trust user data is the threat of hackers searching for injection possibilities. When you start develloping web applications you’ll soon learn the dangers of SQL injection. This might be the most important form of injection, but by far it is not the only one out there: cross site scripting is another good example. If your application sends out mail, you might want to make sure you sanitize user input as well as the application could be a magnet for spammers who’ll send spam mail using your IP. Read the rest of this entry »