[nycphp-talk] Best practices for form input/output between PHP & MySQL?
D C Krook
dkrook at hotmail.com
Wed Sep 17 16:56:36 EDT 2003
Greetings,
I work on a web application that is used to manage tasks and workflow among
a team of developers and producers. Clients enter tasks, developers make
notes and occasionally add code snippets via a standard form with text
inputs and textarea boxes.
We take care to sanitize user input and data display by way of addslashes(),
stripslashes(), htmlfunctions(), nl2br() and the like, but occasionally a
legitimate backslash in a code snippet gets removed when updating a textarea
containing some code, for example:
escape(document.title.replace(/\+/g,''))
becomes
escape(document.title.replace(/+/g,''))
Of course, that sort of thing is not easy to catch when you're developing
such an application (it went unnoticed in our case for quite a few months),
so I'm wondering if anyone can share some good utility functions that can
sanitize form input going into a database and information coming from the
database for display in the browser (with HTML entitized).
In essence, I'd like to hear some thoughts on the most robust way to flesh
out the following functions:
function sanitizeInputForDB ($strFieldInput) {
    // prepare a single form field for insertion into MySQL
}
function formatDataForDisplay ($strData, $isTextArea = false) {
    if (!$isTextArea) {
        // single-line text input: HTML-entitize for the browser
    } else {
        // textarea: HTML-entitize and preserve line breaks
    }
}
TIA,
-Dan
==========================================
Daniel Christer Krook
http://krook.net/ || http://krook.info/
http://civet.net/ || http://dev.krook.org/
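One way to flesh out those two functions, added here as an example and not code from Dan's post or the nycphp list. The design point it shows: the backslash in `/\+/g` is lost when stripslashes() is applied to data read back from the database, because MySQL's parser already consumed the escaping that addslashes() added on the way in, so the only backslash left to strip is the legitimate one. Escaping the SQL string by hand is therefore dropped entirely: the value is bound as a parameter and the driver escapes it, and HTML escaping happens once, at display time. The example assumes PHP 7 or later with PDO and the pdo_sqlite extension (an in-memory SQLite table stands in for MySQL; the same PDO calls work against a MySQL DSN), and the sample strings are constructed for the demonstration.

```php
<?php
// Added example, not from the original post. Requires PHP 7+ with pdo_sqlite (assumption).

// Constructed sample: the snippet from the post, with its legitimate backslash.
$snippet = "escape(document.title.replace(/\\+/g,''))";
// Constructed sample: a value with quotes, to show that bound parameters keep them intact.
$quoted  = "O'Reilly said \"it's fine\"";

// Reproduces the failure described in the post: after addslashes() on the way in,
// MySQL stores the original value (the SQL parser removes the added backslashes),
// so stripslashes() on the way out deletes the backslash that belongs to the code.
function demonstrateSlashLoss(string $value): string {
    $stored = $value;            // what MySQL actually keeps after parsing addslashes() output
    return stripslashes($stored); // turns /\+/g into /+/g
}

// Input side: no hand escaping for SQL. Bound parameters are escaped by the driver.
// The only thing to undo is magic_quotes_gpc, which (on PHP 4/5 servers that still
// enable it) has already added slashes to every request value.
function sanitizeInputForDB(string $strFieldInput): string {
    $magicQuotesOn = filter_var(ini_get('magic_quotes_gpc'), FILTER_VALIDATE_BOOLEAN);
    if ($magicQuotesOn) {
        $strFieldInput = stripslashes($strFieldInput);
    }
    return $strFieldInput;
}

// Output side: entitize exactly once, at the point the value is written into HTML.
// $isTextArea means "multi-line text shown on a page", so newlines become <br />.
// When re-populating a <textarea> for editing, pass false: the textarea renders
// newlines itself and must not receive <br /> tags.
function formatDataForDisplay(string $strData, bool $isTextArea = false): string {
    $safe = htmlspecialchars($strData, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return $isTextArea ? nl2br($safe) : $safe;
}

// Store a value with a prepared statement and read it back by id.
function roundTrip(PDO $db, string $value): string {
    $db->exec('CREATE TABLE IF NOT EXISTS note (id INTEGER PRIMARY KEY, body TEXT)');
    $ins = $db->prepare('INSERT INTO note (body) VALUES (:body)');
    $ins->execute([':body' => sanitizeInputForDB($value)]);
    $id  = (int) $db->lastInsertId();
    $sel = $db->prepare('SELECT body FROM note WHERE id = :id');
    $sel->execute([':id' => $id]);
    return (string) $sel->fetchColumn();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

foreach ([$snippet, $quoted] as $value) {
    $back = roundTrip($db, $value);
    // The value must survive the database unchanged, backslashes and quotes included.
    assert($back === $value);
    echo "stored and read back unchanged: ", $back, "\n";
}

echo "stripslashes() on the same value:  ", demonstrateSlashLoss($snippet), "\n";
echo "for a text input on a page:        ", formatDataForDisplay($quoted), "\n";
echo "for a textarea value on a page:    ", formatDataForDisplay("a < b\nc \\ d", true), "\n";
```

The split is the thing to keep: sanitizeInputForDB() does not escape for SQL at all (and never touches HTML), and formatDataForDisplay() is the only place entities are produced. With that arrangement there is no addslashes()/stripslashes() pair to fall out of step, so a backslash typed into the form is the backslash that comes back out of the database, and a quote in user input is stored as text rather than terminating the SQL string.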