
Adebayo Ojo
23,661 Points

Database input sanitization

There is no input filtering or sanitization before storing the vote value in the database. Also no escaping of output. There is nowhere input was sanitized before a database update all through this course. Why so?

2 Answers

Jennifer Nordell
Treehouse Teacher

Hi, Adebayo Ojo! I can only make an educated guess as to why the original instructor does this, or rather does not do this. My inclination is to say it is so that people who have decided to take this course out of order or not in the order recommended don't hit something with filtering input and escaping output. I believe they are trying to focus on just the authentication for the purposes of this course in particular. We do have other courses that teach filtering input and escaping output. But not every student takes courses in the recommended order.

Hope this helps! :sparkles:

Adebayo Ojo
23,661 Points

Jennifer Nordell, so I'll say it's necessary to filter input and sanitize output if anyone wants to develop an application based on this course.
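
What the filtering and escaping discussed in this thread could look like for a vote value, as an added example that is not code from the course or from either poster. The `votes` table, its columns, the 1/-1 vote encoding and the helper names `parseVote`, `saveVote` and `e` are assumptions made for illustration.

```php
<?php
// Added example: schema, vote encoding and helper names are assumptions,
// not the course's own code. Requires PHP 8+ with the pdo_sqlite extension.
declare(strict_types=1);

// Filter input: accept only the integers 1 (up) or -1 (down).
function parseVote(mixed $raw): ?int
{
    $vote = filter_var($raw, FILTER_VALIDATE_INT);   // false if not an integer
    return in_array($vote, [1, -1], true) ? $vote : null;
}

// Store with a prepared statement so values are bound, never concatenated.
function saveVote(PDO $db, int $bookId, int $userId, int $vote): void
{
    $stmt = $db->prepare(
        'REPLACE INTO votes (book_id, user_id, value) VALUES (:book, :user, :value)'
    );
    $stmt->execute([':book' => $bookId, ':user' => $userId, ':value' => $vote]);
}

// Escape output for an HTML context at the point of display.
function e(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed demo using an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE votes (book_id INTEGER, user_id INTEGER, value INTEGER,
           PRIMARY KEY (book_id, user_id))');

// Constructed request values: two valid votes, then three that must be rejected.
foreach (['1', '-1', '5', 'abc', null] as $raw) {
    $vote = parseVote($raw);
    if ($vote === null) {
        echo 'rejected: ' . e(var_export($raw, true)) . PHP_EOL;
        continue;
    }
    saveVote($db, 7, 42, $vote);   // same user re-voting replaces the old row
    echo "stored: $vote" . PHP_EOL;
}

$title = '<b>Sneaky</b> & "quoted" title';   // constructed untrusted book title
$score = (int) $db->query('SELECT COALESCE(SUM(value), 0) FROM votes WHERE book_id = 7')
                  ->fetchColumn();
echo '<li>' . e($title) . ' (score ' . $score . ')</li>' . PHP_EOL;
```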