Posted by Erwin Moller on 10/07/70 11:36
Tim Van Wassenhove wrote:
> On 2006-01-06, Erwin Moller
> <since_humans_read_this_I_am_spammed_too_much@spamyourself.com> wrote:
>> $firstname=$_POST["firstname"];
>> $LastName=$_POST["LastName"];
>> $email=$_POST["email"];
>> $Comments=$_POST["Comments"];
>
> I've got the feeling that tutorials should pay more attention to
> cleaning input and output so the student can't shoot himself in the foot.
>
> $html = array();
> $html['firstname'] = htmlentities($_POST['firstname'], ENT_QUOTES, 'UTF-8');
> ...
>
>
> echo "Your firstname is: {$html['firstname']} <br/>";
> ..
>
>
Hi/hoi Tim,
I agree with that.
I know I had my fair share of 'obscure bugs' when I started with PHP, and I
guess 90% had to do with characters: encoding/in-out database/show them in
html, show them in a textfield of a form, etc. etc.
You know what I am talking about. :P
'Obscure bugs' in an ironic way, because it was of course me who screwed up by
not paying attention to them from the start.
They are exactly the kind of things that make a habit of returning later in
the project, and always in a worse form, and of course close to deadline.
;-)
But I didn't want to confuse the OP with that because he clearly had
problems with the concept of forms and superglobals $_POST and $_GET.
btw, I didn't know that UTF-8 directive for htmlentities.
Now I do. :-)
Regards,
Erwin Moller
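
As an added example (not code from either poster): one way to apply the escaping Tim describes to the fields of the original form, covering both plain HTML output and the textfield case Erwin mentions. The helper names `h` and `escape_fields` and the sample submission are assumptions made for illustration; the file is assumed to be saved as UTF-8.

```php
<?php
// Added example, not code from the thread. $post stands in for $_POST.
declare(strict_types=1);

/** Escape a value for HTML text or for a quoted attribute value. */
function h(string $value): string
{
    // ENT_QUOTES escapes both " and '. ENT_SUBSTITUTE replaces invalid
    // UTF-8 with U+FFFD instead of returning an empty string.
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Collect the expected form fields, escaped once, at output time. */
function escape_fields(array $post, array $names): array
{
    $html = array();
    foreach ($names as $name) {
        // A missing field, or one that arrives as an array
        // (firstname[]=x), is treated as an empty string.
        $raw = isset($post[$name]) && is_string($post[$name]) ? $post[$name] : '';
        $html[$name] = h($raw);
    }
    return $html;
}

// Constructed sample submission.
$post = array(
    'firstname' => 'Zoë "Z" <b>O\'Neil</b>',
    'LastName'  => array('unexpected'),
    'email'     => 'zoe@example.com',
);

$html = escape_fields($post, array('firstname', 'LastName', 'email', 'Comments'));

// Text context: the markup is shown literally instead of being rendered.
echo "Your firstname is: {$html['firstname']} <br/>\n";

// Attribute context: refilling the textfield of a form. The escaped
// quotes keep the value inside value="...".
echo "<input type=\"text\" name=\"firstname\" value=\"{$html['firstname']}\"/>\n";

// For comparison: with ENT_NOQUOTES the quotes pass through unescaped,
// so the same value would end the value="..." attribute early.
echo htmlentities($post['firstname'], ENT_NOQUOTES, 'UTF-8'), "\n";
```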