On Thu, July 12, 2007 4:15 pm, Kelvin Park wrote:
> I'm trying to set up a XSLT based web site.
> I wasn't exactly sure about the flow of the whole system when data from
> relational database is transferred to XML and in turn the data inputted
> from the user is relayed back to the database through XML (or directly
> to the database with PHP DB connection). I built a flowchart
> illustrating what the flow of the XSLT/PHP/MYSQL system might be like.
> If you think it's the wrong way or an inefficient way of getting user
> inputted data back to mysql, I would appreciate any comments.
> If you cannot download the PDF file, you can bring it up with direct
> address to the file: http://www.envigan.net/CMSFLOW.pdf

Maybe you already know this, and it's too detail oriented to be in your diagram. Maybe not.

Filter Input; Escape Output

Escape output is pretty easy:

Right before you cram it into MySQL, put it into another variable with mysql_real_escape_string() called on it first, and put THAT into MySQL, not the original.

Right before you spew it to a browser, call htmlentities() on it, and use THAT to go out to the browser, not the original.

Filter Input is a bit tougher...

It basically boils down to: Trust no one. Validate everything.

If you aren't already paranoid, nor even not paranoid enough, start reading here: http://phpsec.org/

--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
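
The "Filter Input; Escape Output" flow from the reply above, as an added example that is not part of the original message. It assumes PHP 7.4+ with PDO; the table, function names and sample submissions are hypothetical, an in-memory SQLite database stands in for MySQL, and bound parameters replace the manual mysql_real_escape_string() step because the mysql_* extension was removed in PHP 7.0.

```php
<?php
// Added example: table, function names and sample input are constructed.
declare(strict_types=1);

// Filter input: accept only what matches an allow-list rule, reject the rest.
function filter_comment_input(array $raw): ?array
{
    $name = trim((string)($raw['name'] ?? ''));
    $body = trim((string)($raw['body'] ?? ''));
    if (!preg_match('/\A[A-Za-z0-9 _.-]{1,40}\z/', $name)) {
        return null;                       // unexpected characters or length
    }
    if ($body === '' || strlen($body) > 2000) {
        return null;
    }
    return ['name' => $name, 'body' => $body];
}

// Escape output for the SQL context: bound parameters keep data out of the
// statement text (stand-in for calling mysql_real_escape_string() by hand).
function store_comment(PDO $db, array $clean): void
{
    $stmt = $db->prepare('INSERT INTO comments (name, body) VALUES (:name, :body)');
    $stmt->execute([':name' => $clean['name'], ':body' => $clean['body']]);
}

// Escape output for the HTML context, right before it goes to the browser.
function render_comment(array $row): string
{
    $e = fn(string $s): string => htmlentities($s, ENT_QUOTES, 'UTF-8');
    return '<p><b>' . $e($row['name']) . '</b>: ' . $e($row['body']) . '</p>';
}

$db = new PDO('sqlite::memory:');          // in-memory stand-in for MySQL
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (name TEXT, body TEXT)');

// Constructed sample submissions: one acceptable, one failing the name rule.
$samples = [
    ['name' => 'kelvin', 'body' => "It's <b>bold</b> & has a ' quote"],
    ['name' => '<script>', 'body' => 'rejected by the name filter'],
];
foreach ($samples as $raw) {
    $clean = filter_comment_input($raw);
    if ($clean === null) { echo "rejected input\n"; continue; }
    store_comment($db, $clean);
}
foreach ($db->query('SELECT name, body FROM comments', PDO::FETCH_ASSOC) as $row) {
    echo render_comment($row), "\n";
}
```

The stored row keeps the original text unchanged; each escaping step is applied to a copy at the point where the data enters the SQL or HTML context.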