From: Jeff <jam(at)zoidtechnologies(dot)com>
To: Frank Bax <fbax(at)sympatico(dot)ca>
Cc: pgsql-php(at)postgresql(dot)org
Subject: Re: PHP form Creates Blank DB entries
Date: 2003-07-01 13:51:00
Message-ID: 20030701135100.GA9208@zoidtechnologies.com
Lists: pgsql-php
On Tue, Jul 01, 2003 at 08:46:57AM -0500, Bruno Wolff III wrote:
> Date: Tue, 1 Jul 2003 08:46:57 -0500
> From: Bruno Wolff III <bruno(at)wolff(dot)to>
> To: Jeff <jam(at)zoidtechnologies(dot)com>
> Cc: Frank Bax <fbax(at)sympatico(dot)ca>, pgsql-php(at)postgresql(dot)org
> Subject: Re: [PHP] PHP form Creates Blank DB entries
> Mail-Followup-To: Jeff <jam(at)zoidtechnologies(dot)com>,
> Frank Bax <fbax(at)sympatico(dot)ca>, pgsql-php(at)postgresql(dot)org
>
> On Mon, Jun 30, 2003 at 18:22:59 -0400,
> Jeff <jam(at)zoidtechnologies(dot)com> wrote:
> >
> > also, I would suggest running each of the variables through a function that
> > strips out html tags (since you don't really care about allowing them in
> > this case, right?).. you can do that with strip_tags.. see
> > http://php.net/strip_tags
>
> Wouldn't it be better to replace <, >, " and & with &lt;, &gt;, &quot; and
> &amp;, respectively, since those characters could legitimately appear
> in at least some of those strings?
yes, preparestring handles not only the call to strip_tags, but a call to
htmlentities as well, which covers the above. I did not indicate this fact
clearly in my email-- I apologize for being misleading.
if I've missed anything, please let me know.. I think I have all the bases
covered, but I'm willing to make changes if there is some glaring hole (or
even a not-so-glaring one) I have missed :)
you can check the eros tarball, common.php, the function is called
preparestring.
regards,
J
--
|| Jeff - http://zoidtechnologies.com/
|| GNUPG Fingerprint: A607 0F19 7C75 1305 67E4 BDFF 26BD 606E 3517 2A42
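The two steps discussed in this thread (strip the tags, then entity-encode what is left so that a legitimate `<`, `>`, `"` or `&` survives), as an added illustration. This is not the `preparestring` function from the eros tarball's `common.php`; the function name `prepare_string_example` and the sample inputs below are constructed for this example.

```php
<?php
// Added example, not code from the eros tarball. It shows the effect of
// strip_tags() alone versus strip_tags() followed by htmlentities() on
// constructed form values.

function prepare_string_example(string $raw): string
{
    // Step 1: drop any HTML tags; markup is not wanted in these fields.
    $clean = strip_tags($raw);

    // Step 2: entity-encode <, >, " and & so that a value which legitimately
    // contains them is displayed literally instead of being parsed as HTML.
    // ENT_QUOTES additionally covers the single quote, which the default
    // (ENT_COMPAT) leaves alone.
    return htmlentities($clean, ENT_QUOTES, 'UTF-8');
}

// Constructed sample inputs (not taken from any real form submission).
$samples = [
    'Smith & Sons <b>Ltd</b>',
    'a < b && "quoted"',
    "O'Brien",
];

foreach ($samples as $in) {
    printf("raw: %-26s | strip_tags only: %-20s | prepared: %s\n",
        $in, strip_tags($in), prepare_string_example($in));
}

// Caveat for the database side of the thread: entity encoding protects the
// HTML output, not the SQL statement. Hand values to the driver separately,
// e.g. pg_query_params($conn, 'INSERT INTO t(name) VALUES ($1)', [$name]),
// rather than concatenating the prepared string into the query text.
```

Run it with `php example.php`; the first sample loses its `<b>` tags and has its ampersand encoded, the second keeps the `<` (strip_tags only treats `<` followed by a tag name as markup) but encodes it and the quotes, and the third shows why `ENT_QUOTES` matters for names containing an apostrophe.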