At 11:43 AM -0800 1/9/09, VamVan wrote:
Rule #1. Never, ever, ever, alter the user's input, EXCEPT for sanitizing/filtering. Specifically, do NOT add <br /> tags in place of newlines. Store the newlines.

100% I agree. That's called the act of defensive programming. We have no right over altering user input, but yes, we have the right to display what we want the user to see on the site.

Thanks,
V

While one can look at it as defensive programming, it has a larger scope than that.
Certainly you want to sanitize all input from users to prohibit injections, but more than that you want to keep data separate from presentation.
I always cringe when I see clients entering html into their CMS because they want to make some line of text bold, but then forget to close the tag and find that the entire dynamic page is now broken as the malformed html content is pulled from a database.
Cheers,

tedd

--
http://sperling.com http://ancientstones.com http://earthstones.com
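
An added example, not part of the original thread: the user's text is stored exactly as typed, and escaping plus newline conversion happen only when it is rendered for a given output. The function names and the sample string are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample: what a client typed into a CMS field, with a
// newline and a <b> tag that was never closed.
$stored = "Spring sale starts <b>Monday\nDoors open at 9";

// HTML presentation: escape first, then convert newlines to <br />.
// The unclosed <b> becomes visible text and cannot break the page.
function render_html(string $raw): string
{
    $escaped = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return nl2br($escaped);
}

// Plain-text presentation (e.g. an e-mail body): the same stored value,
// with no HTML handling needed because none was ever baked in.
function render_text(string $raw): string
{
    return wordwrap($raw, 72, "\n", true);
}

// Anti-pattern from the thread: altering the input before storing it.
// The markup is now part of the data and leaks into every other output.
function alter_before_store(string $raw): string
{
    return str_replace("\n", "<br />", $raw);
}

echo "--- HTML page (safe) ---\n", render_html($stored), "\n\n";
echo "--- Plain-text output ---\n", render_text($stored), "\n\n";

// What the plain-text output looks like once <br /> was stored as data.
echo "--- Plain text after altering input ---\n";
echo render_text(alter_before_store($stored)), "\n\n";

// Echoing the raw value into a page leaves the <b> open, so everything
// after it on the dynamic page renders bold.
echo "--- Raw echo into HTML (broken) ---\n";
echo "<p>", $stored, "</p><p>Rest of the page</p>\n";
```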