Philip Thompson wrote:
On Jun 23, 2005, at 4:13 PM, Richard Lynch wrote:
...
> Well, that was a mouthful. I actually am using a Mac and it showed \r \n

I reckon you could edit together a nice fat 700 page book on PHP just by scraping posts made by Richard :-) ... every other month ;-)

> to me. What I think I will do is not use mysql_real_escape_string until I want to actually insert it into the database. So the information I

YES YES YES. good man, that is a good observation - i.e. you should only be escaping/sanitizing/whatever data for the specific purpose you have in mind and not blanket escaping regardless of the directions you will be throwing the data in.

> re-display back to the user *should* be the same as what they wrote.

actually I have DB edit screens that always show what is in the DB rather than what the user has tried to submit - because otherwise the user tends to think that their changes were accepted rather (and no amount of errors/warning/whatever will change their minds) that the DB choked on their input - in such cases I just throw out everything that could not be updated - the user is guaranteed to be looking at whatever the DB contains when a page/editform is loaded.

> Thanks for your inputs. I appreciate each of you.

me too, but I'm biased towards Paris Hilton ;-)

> ~Philip
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
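
The symptom and the approach discussed in this thread, as an added example that is not part of any poster's message: SQL-escaped text redisplayed to the user shows a literal `\r\n`, while keeping the raw value and encoding it per sink does not. `mysql_style_escape()` and `for_html()` are hypothetical helpers (the first only mimics MySQL's string-literal escaping so the script runs without a server), and a PDO prepared statement against in-memory SQLite, assuming the `pdo_sqlite` extension, is swapped in for `mysql_real_escape_string` at insert time.

```php
<?php
// Added illustration, not code from the thread.

// Hypothetical stand-in that mimics MySQL's string-literal escaping so the
// script runs without a server. Not for use in real queries.
function mysql_style_escape(string $s): string
{
    return strtr($s, [
        "\\" => "\\\\", "\0" => "\\0", "\n" => "\\n", "\r" => "\\r",
        "'" => "\\'", '"' => '\\"', "\x1a" => "\\Z",
    ]);
}

// Escape for the HTML context only, at the moment of output.
function for_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Constructed sample input: a quote, a CRLF line break and some markup.
$raw = "O'Reilly said:\r\n<b>hello</b>";

// Blanket approach: escape for SQL on arrival, then reuse that value for
// display. The user sees backslashes and a literal \r\n in their own text.
$blanket = mysql_style_escape($raw);
echo "blanket, redisplayed: ", for_html($blanket), "\n";

// Per-context approach: keep the raw value and encode it at each sink.
// SQL sink: a bound parameter, so no manual escaping is involved.
$pdo = new PDO('sqlite::memory:');   // assumption: pdo_sqlite is available
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notes (body TEXT)');
$pdo->prepare('INSERT INTO notes (body) VALUES (?)')->execute([$raw]);

// Edit screen: show what the database holds, not what was submitted.
$stored = $pdo->query('SELECT body FROM notes')->fetchColumn();
echo "stored matches input: ", var_export($stored === $raw, true), "\n";
echo "from DB, redisplayed: ", for_html($stored), "\n";
```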