Well-l-l-l ... maybe not. Most anything I've seen for sanitization involves regular expressions. Not something many Web masters cleave unto, much less understand. Until the script providers - PHP, JS, et al., actually provide cleansing routines, many Web folk just aren't/won't be qualified for cleansing of that nature. (Of course, if it's provided in the language, any baddie past the script-kiddie stage will likely overcome it unless it's really
Professional sites have no excuse, of course, but then, how many sites on the Web are really professional? And how many of those sites were hit
Injection attacks are no joke, but there's really not a lot out there to make folk aware how dangerous they can be, and even less on practical advice on avoidance of such. (Learn, as a command, is neither practical nor effective