[Phpwm] How to create a page on a server from a browser

Rob Allen rob at akrabat.com
Tue May 2 08:14:31 BST 2006

Phil Beynon wrote:

> There are quite a few other bits you need to look at replacing as well, most
> notably quotes as these will cause some 'interesting' things to happen if
> you try and store the page in a database record.
> You can use ereg_replace to do this; $myvariable =
> ereg_replace("'","'",$myvariable);

For putting things into the database, you should use the database
specific escaping. i.e. for mysql, use mysql_real_escape_string().

> If you are later allowing the user to edit their input you will need to
> change all these bits back as a text field will not interpret things such as
> html entities and will display the &hash codes for them.

It's much easier to store whatever the user entered directly into the
database, and escape for html when you display to html. nl2br(),
htmlentities() and strip_tags() are useful at the display point. This is
 especially true if the data is going to used in different contexts,
like a RSS feed for instance.

> If you are going to give them a view before publish type page then you will
> need to work out a method of suppressing the page head information and just
> give the content data.

If you do a "preview" type thing, then your users will thankyou if you
pick up the correct css styles...



More information about the Phpwm mailing list