[Phpwm] How to create a page on a server from a browser

David Goodwin david at codepoets.co.uk
Tue May 2 21:37:29 BST 2006


Ray Masa wrote:
> Hmmm....those are a few things I have not thought about.  Thanks for 
> that, I would have to take these (and Rob Allen's) suggestions into 
> account.

1) Use prepared SQL statements; there is no chance of you then getting 
the SQL sanitisation/escaping wrong :)

2) Consider using something like Smarty - I'll show how (at the meeting) 
it and a few helper functions can be used to remove any need to worry 
about HTML injection (cross site scripting etc etc)

3) If using the JavaScript inline editor, I'd have thought translating a 
\n to a <br> is not necessary (surely they return HTML for you when the 
user clicks 'submit' anyway?)


thanks
David.

-- 
David Goodwin

[ david at codepoets dot co dot uk ]
[ http://www.codepoets.co.uk       ]
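Added example (not part of David's post, nor of any project on the list): points 1 and 2 above in plain PHP, storing a page posted from a browser form with a PDO prepared statement and passing every value through one escaping helper on the way back out. It uses an in-memory SQLite database so it runs offline; the `pages` table, its columns and the sample form values are assumptions made up for the example. The helper `h()` is the plain-PHP equivalent of what Smarty's `|escape` modifier would do in a template.

```php
<?php
// Added example: prepared statements on the way in, escaping on the way out.
// Table and column names (pages/slug/title/body) are assumptions for this demo.

function openDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE pages (slug TEXT PRIMARY KEY, title TEXT NOT NULL, body TEXT NOT NULL)');
    return $db;
}

// Point 1: the SQL text and the values travel separately, so the driver
// handles quoting. No string concatenation, nothing to get wrong.
function savePage(PDO $db, string $slug, string $title, string $body): void {
    $stmt = $db->prepare(
        'INSERT OR REPLACE INTO pages (slug, title, body) VALUES (:slug, :title, :body)'
    );
    $stmt->execute([':slug' => $slug, ':title' => $title, ':body' => $body]);
}

function loadPage(PDO $db, string $slug): ?array {
    $stmt = $db->prepare('SELECT slug, title, body FROM pages WHERE slug = :slug');
    $stmt->execute([':slug' => $slug]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Point 2: one helper that every value goes through before it reaches HTML.
// Smarty's |escape modifier does the same job inside a template.
function h(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function renderPage(array $page): string {
    // The body is treated as plain text here: escape first, then turn
    // newlines into <br>. If an inline editor hands you HTML instead (point 3),
    // nl2br() is unnecessary, and the HTML would need a whitelist-based
    // sanitiser rather than h(), which is outside this example.
    return '<h1>' . h($page['title']) . "</h1>\n"
         . '<div class="body">' . nl2br(h($page['body'])) . "</div>\n";
}

// Constructed sample input, the kind of thing a form could post.
$db = openDb();
$slug = "o'reilly-review";                       // apostrophe is handled by the driver
$title = 'Review <script>alert(1)</script>';     // ends up as harmless text
$body = "First line\nSecond line & a third";
savePage($db, $slug, $title, $body);

$page = loadPage($db, $slug);
echo renderPage($page);
// The title is output as Review &lt;script&gt;alert(1)&lt;/script&gt;
// and the body's "&" as &amp; with a <br /> after the first line.
```

The key discipline is that `savePage()` never builds SQL from user data and `renderPage()` never emits user data without `h()`; with Smarty the same rule becomes "every `{$var}` in the template carries `|escape`".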



More information about the Phpwm mailing list