Re: About PHP/XML/XSLT/MYSQL Web Sites

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, July 12, 2007 4:15 pm, Kelvin Park wrote:
> I'm trying to setup a XSLT based web site.
> I wasn't exactly sure about the flow of the whole system when data
> from
> relational database is transferred to XML and in turn the data
> inputted
> from the user is relayed back to the database through XML (or directly
> to the database with PHP DB connection). I built a flowchart
> illustrating what the flow of the XSLT/PHP/MYSQL system might be like.
> If you think it's the wrong way or an inefficient way of getting user
> inputted data back to mysql, I would appreciate any comments.
> If you cannot download the PDF file, you can bring it up with direct
> address the the file: http://www.envigan.net/CMSFLOW.pdf

Maybe you already know this, and it's too detail oriented to be in
your diagram.  Maybe not.

Filter Input; Escape Output

Escape output is pretty easy:

Right before you cram it into MySQL, put it into another variable with
mysql_real_escape_string() called on it first, and put THAT into
MySQL, not the original.

Right before you spew it to a browser, call htmlentities() on it, and
use THAT to go out to the browser, not the original.

Filter Input is a bit tougher...

It basically boils down to:

Trust no one.
Validate everything.

If you aren't already paranoid, nor even not paranoid enough, start
reading here:
http://phpsec.org/

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux