Thoughts on data validation

• You cannot "validate" data without knowing what "valid" means.
• Do not confuse "validation" with "escaping".(e.g. for presentation in html, or for presentation to a database.)
• Escaping at multiple removes - arbitrary (potentially malicious) text inside javascript, inside html, inside perl/php/python/whatever ... is hard. Do you know of an easy way?