[nycphp-talk] Best practices for form input/output between PHP & MySQL?

Daniel Kushner nyphp at websapp.com
Wed Sep 17 18:33:22 EDT 2003


Hey Dan,

If you don't need to search the code in the database you may want to
base64_encode/decode it.

Best,
Daniel


> -----Original Message-----
> From: talk-bounces at lists.nyphp.org
> [mailto:talk-bounces at lists.nyphp.org]On Behalf Of D C Krook
> Sent: Wednesday, September 17, 2003 4:57 PM
> To: talk at lists.nyphp.org
> Subject: [nycphp-talk] Best practices for form input/output between PHP
> &MySQL?
>
>
> Greetings,
>
> I work on a web application that is used to manage tasks and work flow among
> a team of developers and producers.  Clients enter tasks, developers make
> notes and occasionally add code snippets via a standard form with text
> inputs and textarea boxes.
>
> We take care to sanitize user input and data display by way of addslashes(),
> stripslashes(), htmlfunctions(), nl2br() and the like, but occasionally a
> legitimate backslash in a code snippet gets removed when updating a textarea
> containing some code, for example:
>
> escape(document.title.replace(/\+/g,''))
>   becomes
> escape(document.title.replace(/+/g,''))
>
> Of course, that sort of thing is not easy to catch when you're developing
> such an application (it went unnoticed in our case for quite a few months),
> so I'm wondering if anyone can share some good utility functions that can
> sanitize form input going into a database and information coming from the
> database for display in the browser (with HTML entitized).
>
> In essence, I'd like to hear some thoughts on the most robust way to flesh
> out the following functions:
>
>
> function sanitizeInputForDB ($strFieldInput) {
>
> }
>
> function formatDataForDisplay ($strData, $isTextArea = false) {
> 	if (!$isTextArea) {
>
> 	} else {
>
> 	}
> }
>
>
> TIA,
> -Dan
>
>
>
> ==========================================
> Daniel Christer Krook
> http://krook.net/ || http://krook.info/
> http://civet.net/ || http://dev.krook.org/
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
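
An added example, not part of either post, in current PHP: it reproduces the lost backslash with the snippet from the question, then stores the text through bound parameters (plain and base64-encoded, as the reply suggests) and HTML-escapes only at output. `storeNote`, `loadNote`, the `notes` table and the in-memory SQLite database standing in for MySQL are assumptions, and the `stripslashes()` cause is one plausible explanation that the thread does not confirm.

```php
<?php
// Added illustration, not code from the thread. The snippet is the one quoted
// in the question; SQLite in memory stands in for MySQL so this runs offline
// (assumes the pdo_sqlite extension).
$snippet = <<<'JS'
escape(document.title.replace(/\+/g,''))
JS;

// One way the backslash gets lost (an assumption about the cause):
// stripslashes() run on text that carries no added slashes.
$damaged = stripslashes($snippet);

// Input side: no addslashes(); the value travels as a bound parameter.
function storeNote(PDO $db, string $body, bool $encode = false): int {
    // $encode applies the reply's base64 idea: opaque, so not searchable in SQL.
    $stmt = $db->prepare('INSERT INTO notes (body, is_b64) VALUES (?, ?)');
    $stmt->execute([$encode ? base64_encode($body) : $body, (int) $encode]);
    return (int) $db->lastInsertId();
}

function loadNote(PDO $db, int $id): string {
    $stmt = $db->prepare('SELECT body, is_b64 FROM notes WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row['is_b64'] ? base64_decode($row['body']) : $row['body'];
}

// Output side: encode once, when writing into HTML. Same signature as the
// stub in the question; the body is hypothetical.
function formatDataForDisplay(string $strData, bool $isTextArea = false): string {
    $html = htmlspecialchars($strData, ENT_QUOTES, 'UTF-8');
    // A textarea keeps its newlines; elsewhere they become <br> tags.
    return $isTextArea ? $html : nl2br($html);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT, is_b64 INTEGER)');

$plain = loadNote($db, storeNote($db, $snippet));
$b64   = loadNote($db, storeNote($db, $snippet, true));

var_dump($damaged === $snippet);                   // compares the stripslashes() result
var_dump($plain === $snippet, $b64 === $snippet);  // compares both round trips
echo formatDataForDisplay("<b>note</b>\n" . $plain), "\n";
```

Because nothing is escaped before storage, nothing has to be unescaped after retrieval, so there is no `stripslashes()` call left to damage a snippet.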




