Adebayo Ojo
23,661 Points
Database input sanitization
There is no input filtering or sanitization before storing the vote value in the database. Also no escaping of output. Nowhere was input sanitized before a database update all through this course. Why so?
2 Answers
Jennifer Nordell
Treehouse Teacher
Hi, Adebayo Ojo! I can only make an educated guess as to why the original instructor does this, or rather does not do this. My inclination is to say it is so that people who have decided to take this course out of order or not in the order recommended don't hit something with filtering input and escaping output. I believe they are trying to focus on just the authentication for the purposes of this course in particular. We do have other courses that teach filtering input and escaping output. But not every student takes courses in the recommended order.
Hope this helps!
Adebayo Ojo
23,661 Points
Jennifer Nordell so I'll say it's necessary to filter input and sanitize output if anyone wants to develop an application based on this course.