Posted by Jochem Maas on 06/24/05 13:32
Philip Thompson wrote:
> On Jun 23, 2005, at 4:13 PM, Richard Lynch wrote:
....
>
>
> Well, that was a mouthful. I actually am using a Mac and it showed \r \n
I reckon you could edit together a nice fat 700 page book on PHP just by scraping
posts made by Richard :-) ... every other month ;-)
> to me. What I think I will do is not use mysql_real_escape_string until
> I want to actually insert it into the database. So the information I
YES YES YES. good man, that is a good observation - i.e. you should only
be escaping/sanitizing/whatever data for the specific purpose you have in mind
and not blanket escaping regardless of the directions you will be throwing the data in.
> re-display back to the user *should* be the same as what they wrote.
actually I have DB edit screens that always show what is in the DB rather than what the
user has tried to submit - because otherwise the user tends to think that their changes
were accepted (and no amount of errors/warnings/whatever will change their minds)
rather than that the DB choked on their input - in such cases I just throw out everything that could not
be updated - the user is guaranteed to be looking at whatever the DB contains when a
page/editform is loaded.
>
> Thanks for your inputs. I appreciate each of you.
me too, but I'm biased towards Paris Hilton ;-)
> ~Philip
>