At 7:38 PM +0000 1/9/09, ceo@xxxxxxxxx wrote:
Rule #1.
Never, ever, ever, alter the user's input, EXCEPT for sanitizing/filtering.
Specifically, do NOT add <br /> tags in place of newlines.
Store the newlines.
Upon OUTPUT, you can use nl2br() to get <br /> tags.
Or str_replace if you want </p> instead.
This is crucial as a habit, down the road, when you later want to
put their stuff out as non-HTML such as RSS or PDF or other output
mechanisms.
Consider their input as sacrosanct (except for dangerous/evil input).
I second this strong recommendation.
Never store any html whatsoever in a database.
HTML is presentation and is NOT data.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
