|
|
Posted by Paul Furman on 08/11/07 05:03
Jerry Stuckle wrote:
> Paul Furman wrote:
>> Paul Furman wrote:
>>> Michael Fesser wrote:
>>>
>>>> When printing anything to an HTML page, use
>>>> htmlspecialchars() to escape those characters that have a special
>>>> meaning in HTML (", &, <, >). If necessary use the ENT_QUOTES flag. See
>>>> the manual for details.
>>>>
>>>> http://www.php.net/htmlspecialchars
>>>
>>> Thanks again, it sounds like I should run that in my html_safe()
>>> function along with stripslashes().
>>
>> Just a followup on the htmlspecialchars idea, I tried it & had to
>> disable it... if I used that, I'd need to be more selective than my
>> html_safe function because it disabled my ability to add content from
>> the admin interface with links & images. But thanks for mentioning it.
>
> If it's affecting links and images, you aren't being selective enough!
>
> Like any other function - call it if you need to. But it's not meant to
> be called for everything you're displaying.
Yes, agreed. My html_safe() function is being applied to anything that
leaves the mySQL database and anything entering gets the db_safe()
function applied. I don't really know why I'd need it except as a
catch-all at this point but good to know it exists if I encounter these
problems again and another handy way to display html code without being
interpreted by the browser.
--
Paul Furman Photography
http://edgehill.net
Bay Natives Nursery
http://www.baynatives.com
Navigation:
[Reply to this message]
|