Re: Editing in a text area field

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



At 7:38 PM +0000 1/9/09, ceo@xxxxxxxxx wrote:
Rule #1.
Never, ever, ever, alter the user's input, EXCEPT for sanitizing/filtering.
Specifically, do NOT add <br /> tags in place of newlines.
Store the newlines.

Upon OUTPUT, you can use nl2br() to get <br /> tags.
Or str_replace if you want </p> instead.

This is crucial as a habit, down the road, when you later want to put their stuff out as non-HTML such as RSS or PDF or other output mechanisms.

Consider their input as sacrosanct (except for dangerous/evil input).

I second this strong recommendation.

Never store any html whatsoever in a database.

HTML is presentation and is NOT data.

Cheers,

tedd

--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux