tedd wrote:
At 11:43 AM -0800 1/9/09, VamVan wrote:
Rule #1.
Never, ever, ever, alter the user's input, EXCEPT for
sanitizing/filtering.
Specifically, do NOT add <br /> tags in place of newlines.
Store the newlines.
100% I agree. That's called the act of defensive programming. We have no
right to alter user input, but yes, we have the right to display what we
want the user to see on the site.
Thanks,
V
While one can look at it as defensive programming, it has a larger scope
than that.
Certainly you want to sanitize all input from users to prohibit
injections, but more than that you want to keep data separate from
presentation.
exactly: you want to keep data separate from presentation.
only scope for this is that sometimes you want to store html /
presentation data (seeing as it is data)
my personal preference is to always store a plain text version as well
as a sanitized html version.
creating the plain text is simple; strip_tags then a simple preg_replace
to remove extra horizontal whitespace, and another to make sure your
newlines are all in the correct place.
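The approach described in the reply above (store the newlines, derive a plain-text copy with strip_tags and preg_replace, and only turn newlines into <br /> at display time), written out as an added example that is not code from the thread; the function names and the sample input are constructed for illustration:

```php
<?php
// Added example: keep the raw submission as-is, derive a plain-text copy for
// storage, and escape/convert newlines only when rendering.

function toPlainText(string $input): string
{
    // Drop markup first; strip_tags leaves the text content of the tags.
    $text = strip_tags($input);
    // Normalise CRLF / CR line endings to "\n" so stored newlines are consistent.
    $text = preg_replace("/\r\n?/", "\n", $text);
    // Collapse runs of horizontal whitespace (spaces, tabs) to a single space.
    $text = preg_replace('/[ \t]+/', ' ', $text);
    // Remove trailing spaces before a newline, then cap blank lines at one.
    $text = preg_replace('/ +\n/', "\n", $text);
    $text = preg_replace("/\n{3,}/", "\n\n", $text);
    return trim($text);
}

function toDisplayHtml(string $plain): string
{
    // Escaping and <br /> conversion happen here, at output time, never in storage.
    return nl2br(htmlspecialchars($plain, ENT_QUOTES | ENT_HTML5, 'UTF-8'));
}

// Constructed sample input, as a user might submit it from a textarea.
$submitted = "Hello   <b>world</b>\r\n\r\n\r\n<script>alert(1)</script>  next line\t!";

$plain = toPlainText($submitted);

// What would be persisted: the untouched submission plus the plain-text copy.
$record = ['raw' => $submitted, 'plain' => $plain];

echo $plain, "\n";
echo toDisplayHtml($plain), "\n";
```

For the "sanitized html version" the reply also stores, note that strip_tags with an allowed-tags list keeps attributes (including event handlers) on the allowed tags, so an attribute-aware allowlist sanitizer is needed for that copy rather than strip_tags alone.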
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php