[Phpwm] How to create a page on a server from a browser
Rob Allen
rob at akrabat.com
Tue May 2 08:14:31 BST 2006
Phil Beynon wrote:
> There are quite a few other bits you need to look at replacing as well, most
> notably quotes as these will cause some 'interesting' things to happen if
> you try and store the page in a database record.
> You can use ereg_replace to do this; $myvariable =
> ereg_replace("'","'",$myvariable);
For putting things into the database, you should use the database
specific escaping. i.e. for mysql, use mysql_real_escape_string().
> If you are later allowing the user to edit their input you will need to
> change all these bits back as a text field will not interpret things such as
> html entities and will display the &hash codes for them.
It's much easier to store whatever the user entered directly into the
database, and escape for html when you display to html. nl2br(),
htmlentities() and strip_tags() are useful at the display point. This is
especially true if the data is going to be used in different contexts,
like an RSS feed for instance.
> If you are going to give them a view before publish type page then you will
> need to work out a method of suppressing the page head information and just
> give the content data.
If you do a "preview" type thing, then your users will thank you if you
pick up the correct css styles...
Regards,
Rob...
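The store-raw, escape-on-output approach Rob describes, as an added PHP example that is not from the original thread. It assumes a `pages` table with `title` and `body` columns and uses a PDO prepared statement in place of mysql_real_escape_string(), since the mysql_* functions no longer exist in current PHP.

```php
<?php
// Added example (not from the original thread): store what the user typed
// unchanged and escape for each output context separately.
// Assumes a pages(title, body) table; PDO placeholders stand in for
// mysql_real_escape_string(), which was removed with the mysql_* API.
declare(strict_types=1);

// Constructed sample input: quotes, a tag and a newline, as a user might type.
$raw = "O'Reilly says <b>\"hi\"</b> & bye\nnext line";

// 1. Database: no manual quote mangling; the placeholder keeps data out of SQL.
function storePage(PDO $db, string $title, string $body): void {
    $stmt = $db->prepare('INSERT INTO pages (title, body) VALUES (:title, :body)');
    $stmt->execute([':title' => $title, ':body' => $body]);
}

// 2. HTML page display: escape FIRST, then convert newlines; doing it the
//    other way round would escape the <br /> tags nl2br() inserts.
function forHtml(string $s): string {
    return nl2br(htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8'));
}

// 3. Edit form: escape only. The browser decodes the entities inside
//    <textarea>, so the user sees and resubmits the original text and
//    there is no "change all these bits back" step.
function forTextarea(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// 4. Plain-text context (e.g. an RSS description): drop markup, keep the text.
function forPlainText(string $s): string {
    return strip_tags($s);
}

$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
storePage($db, 'Test', $raw);

$stored = $db->query('SELECT body FROM pages')->fetchColumn();
assert($stored === $raw); // stored byte-for-byte, no entities in the database

echo "<div>" . forHtml($stored) . "</div>\n";
echo "<textarea>" . forTextarea($stored) . "</textarea>\n";
echo forPlainText($stored) . "\n";
```

Run with zend.assertions=1 to have the assert checked; the three echo lines show the same stored text rendered safely for three different contexts.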