On Fri, Apr 25, 2008 at 1:08 PM, Eric Butera <eric.butera@xxxxxxxxx> wrote:

> On Fri, Apr 25, 2008 at 2:51 PM, Nathan Nobbe <quickshiftin@xxxxxxxxx>
> wrote:
> > class OutputEscaper {
>
> I dunno man. I have an escape() method on different classes such as
> View (which can be told to use htmlspecialchars/entities), DB, etc.
> This way you know you're doing $view->escape() or $db->escape()
> instead of some generic thing. I think it helps me realize the
> context a bit more than a stand-alone escaper that doesn't know the
> details of what database I'm using or my target x/html output.

meh; just make sure the instance holds what you want it to; it was just a contrived example to illustrate the syntax supported in double quotes, currently.

> You could then argue that if you're trying to output user values in
> HTML you should be working with something like htmlpurifier anyways.
> But there are only so many hours in the day...

this techie burns the candle at both ends :)

> But back to the original point, you're cheating because you have
> instances there, not static calls! :P
>

heh, right; just holding my breath for php-5.3!

-nathan