[Phpwm] site critique please
Phil Beynon
phil at infolinkelectronics.co.uk
Tue Jan 16 19:49:06 GMT 2007
> I agree entirely with the idea of always using *_escape_string or prepared
> statements, but mysql_query will only let you pass one statement at a time
> to it, so your example wouldn't work (pg_query doesn't have the same
> limitation/feature, and neither does the underlying C call, so I wouldn't
> necessarily rely on it always being there for mysql...).
>
> While we're on the topic, running $_GET['short'] through htmlentities (on
> your feedback page) is also a good idea to prevent cross-site scripting.
>
> Other than that, the site's not particularly functional without javascript
> (the enlarged images could very easily degrade to opening a new window
> with target="_blank") and the site requires horizontal scrolling at
> 1024x768. As a guide, the Senokian site has around 45% of its visitors at
> that resolution (another 5% even smaller) so ignoring them probably isn't
> sensible.
>
> Greg
>
That's odd - it's supposed to work at 1024 x 768 and does in IE...
I shall investigate and correct that!
Phil
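The two fixes Greg recommends above (binding the parameter instead of relying on mysql_query's one-statement limit, and running anything echoed from $_GET through htmlentities), as an added example that is not code from the original thread or from the site under review. It assumes mysqli with mysqlnd (for get_result) and a placeholder table feedback(short_code, message); the connection details are placeholders too.

```php
<?php
// Added example, not the site's own code. The table, column names and
// connection details below are placeholders, not taken from the thread.
declare(strict_types=1);

// Output escaping: anything reflected from $_GET is encoded so that
// < > " ' & cannot open a tag or break out of an attribute value.
function escapeForHtml(string $value): string
{
    return htmlentities($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Parameter binding: the user value never becomes part of the SQL text,
// so quotes or a second statement inside it cannot change the query.
// This does not depend on mysql_query refusing stacked statements.
function findFeedbackByShort(mysqli $db, string $short): ?array
{
    $stmt = $db->prepare('SELECT id, message FROM feedback WHERE short_code = ?');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('s', $short);   // 's' = bind as a string
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();   // null when no row matches
    $stmt->close();
    return $row;
}

// Validate the input shape first, then escape on output, then bind in SQL.
$short = $_GET['short'] ?? '';
if (!preg_match('/^[A-Za-z0-9_-]{1,32}$/', $short)) {
    http_response_code(400);
    exit('Invalid short code');
}

$db = new mysqli('localhost', 'user', 'pass', 'site');   // placeholder credentials
$row = findFeedbackByShort($db, $short);

echo '<p>Feedback for ', escapeForHtml($short), '</p>';
if ($row !== null) {
    echo '<blockquote>', escapeForHtml($row['message']), '</blockquote>';
}
```

The whitelist check rejects most hostile input outright; the escaping and binding are still applied so the page stays safe if the check is later loosened.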