[nycphp-talk] Best practice for escaping data
Randal Rust
randalrust at gmail.com
Thu Feb 15 21:08:20 EST 2007
On 2/15/07, Chris Shiflett <shiflett at php.net> wrote:
> All those characters might be in a headline? If so, carry on.
Probably not, but people never cease to amaze me.
> it would be worth finding out (using historical data or something) how you
> can restrict your criteria a bit more.
So rather than use the one function for validating headline,
subheadline, etc. you are saying to create specific functions for
validating each of the fields?
The correct process would be to:
1. Run fix_magic_quotes() to ensure that all of the backslashes are
removed (if magic_quotes_gpc is on)
2. Run each piece of data through the appropriate function for validation
3. Re-insert the slashes using the database specific function
--
Randal Rust
R.Squared Communications
www.r2communications.com
More information about the talk
mailing list