Re: Using mysql_real_escape_string without connecting to mysql

Dotan Cohen wrote:
On 23/01/2008, Jochem Maas <jochem@xxxxxxxxxxxxx> wrote:
The file defines some of my own functions, like these:

// Strips markup, then encodes what is left for display in HTML.
function clean_html ($dirty) {
    $dirty=strip_tags($dirty);
    $clean=htmlentities($dirty);
    return $clean;
}

// Removes SQL comment and statement separators, then escapes for MySQL.
// Note: mysql_real_escape_string() needs an open mysql connection; without
// one it tries a default mysql_connect() and emits a warning on failure.
function clean_mysql ($dirty) {
    $dirty=str_replace ("--", "", $dirty);
    $dirty=str_replace (";", "", $dirty);
    $clean=mysql_real_escape_string($dirty);
    return $clean;
}
your functions mix 2 concepts - input filtering and output escaping;
they should be separate actions.

They are separate actions. One is on (for example) accept.php and the
other on display.php. However, there are tens of pages which accept
info, and tens of others which display info. And these are just two
functions: I have quite a few more. It would be impossible to break
them up into separate include pages because I'd be including 90% of
them on each page anyway.

you don't understand what I mean.

input filtering is a separate task to output filtering.
you filter and validate all input to the script regardless of
how you are going to use it. THEN you escape the filtered, validated data
for each output (output to mysql, output to browser, etc)

2 distinct concepts, which shouldn't be rolled into single functions. imho.


Dotan Cohen

http://what-is-what.com
http://gibberish.co.il
א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
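The split Jochem describes, validation once on the way in and context-specific escaping at each output, as an added example that is not code from either poster. The validation rules (username charset and length, comment length, no ASCII control characters) and the table and column names are assumptions made up for the example; the parameterised-query path is the modern mysqli API rather than the ext/mysql functions the thread is about.

```php
<?php
// Added example (not from the thread): input validation kept separate
// from per-output escaping. Runs from the CLI without a database; only
// insert_comment() needs a live mysqli connection.

declare(strict_types=1);

// Step 1: filter and validate every input once, no matter where it is
// later used. Each function returns the accepted value or null.

// Assumed policy for this example: 3-32 chars, letters, digits, _ or -.
function validate_username(string $raw): ?string
{
    $raw = trim($raw);
    return preg_match('/^[A-Za-z0-9_-]{3,32}$/', $raw) === 1 ? $raw : null;
}

// Assumed policy: UTF-8, at most 2000 characters, no ASCII control
// characters except newline and tab. Note that "--" and ";" are NOT
// stripped here: what MySQL needs is an output concern, handled below.
function validate_comment(string $raw): ?string
{
    if (!mb_check_encoding($raw, 'UTF-8')) {
        return null;
    }
    if (preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', $raw) === 1) {
        return null;
    }
    return mb_strlen($raw, 'UTF-8') <= 2000 ? $raw : null;
}

// Step 2a: escape for the browser, at the point of output.
function for_html(string $validated): string
{
    return htmlspecialchars($validated, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Step 2b: hand the same validated value to MySQL. With a parameterised
// query the driver does the escaping, so no *_real_escape_string call is
// needed. Like mysql_real_escape_string(), this requires an open
// connection: correct escaping depends on the connection's charset.
function insert_comment(mysqli $db, string $user, string $comment): bool
{
    $stmt = $db->prepare('INSERT INTO comments (username, body) VALUES (?, ?)');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('ss', $user, $comment);
    return $stmt->execute();
}

// Constructed sample request data (not taken from the thread).
$input = [
    'username' => ' alice_01 ',
    'comment'  => "Robert'); DROP TABLE comments;-- <script>alert(1)</script>",
];

$user    = validate_username($input['username']);
$comment = validate_comment($input['comment']);

if ($user === null || $comment === null) {
    http_response_code(400);
    exit("invalid input\n");
}

// One validated value, escaped differently for each destination.
echo for_html($user), ' wrote: ', for_html($comment), "\n";

// With a connection available, the same $comment goes to MySQL unchanged;
// the prepared statement keeps the quote, ";" and "--" as literal data.
// $db = new mysqli('localhost', 'user', 'pass', 'dbname');
// insert_comment($db, $user, $comment);
```

The comment string is accepted by validation because it is well-formed text; the quote, semicolon and comment marker only become dangerous in a specific output context, and that context's escaping (HTML entity encoding, or a bound parameter for MySQL) is what neutralises them. Stripping them during validation would both mangle legitimate input and still leave the other output contexts unprotected.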

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php