Re: Editing in a text area field

At 7:02 PM -0500 1/10/09, Phpster wrote:
That can and should be done with a simple str_replace() on the display portion of the code.

Bastien

Really?

Then how do you handle these examples of client input?

This is <b<what</b> I have to say.

This is <i><b>what</i></b> I have to say.

This is <b>what<b> I have to say.

This is <b>what /> I have to say.

This is what</b> I have to say.

And I could go on with even more examples. The point is that when you allow the client to inject style elements into data, then things can go wrong on several fronts.

One, of course, is that the client can inject malformed code, which can screw up the page.

Two, by allowing the client to inject styling elements, then you are not keeping style and data elements separate. That is counter to "best practices".

For example, what happens at some later date when the client wants to change how the data looks? The client says "You told me that you were using css -- I thought it was easy to change things. Why can't you remove all these bold statements?"

Of course, you could go to the css file and make bold not bold but then what happens when you need bold? This problem is not as simple as using str_replace().

Cheers,

tedd


--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com
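
Added example, not part of the message above or of any code posted in the thread: a PHP sketch covering the malformed-markup half of the problem by escaping all client input and restoring `<b>`/`<i>` only when they are properly nested. The names `render_comment` and `ALLOWED` are assumptions made for illustration, and the style/data separation point is not addressed by it.

```php
<?php
// Hypothetical allowlist of inline tags the client may use (an assumption).
const ALLOWED = ['b', 'i'];

/**
 * Escape everything first, then re-enable allowed tags only if every one
 * of them is closed and correctly nested. Anything else stays escaped,
 * so malformed input is shown as literal text and cannot break the page.
 */
function render_comment(string $input): string
{
    $escaped = htmlspecialchars($input, ENT_QUOTES, 'UTF-8');
    // Matches only bare, attribute-free tags such as <b> or </i>.
    $pattern = '~&lt;(/?)(' . implode('|', ALLOWED) . ')&gt;~';

    // Walk the allowed tags in order and check nesting with a stack.
    $stack = [];
    preg_match_all($pattern, $escaped, $tags, PREG_SET_ORDER);
    foreach ($tags as $t) {
        if ($t[1] === '') {
            $stack[] = $t[2];                  // opening tag
        } elseif (array_pop($stack) !== $t[2]) {
            return $escaped;                   // stray or crossed closing tag
        }
    }
    if ($stack !== []) {
        return $escaped;                       // opening tag never closed
    }
    // Balanced: turn the escaped allowed tags back into real markup.
    return preg_replace($pattern, '<$1$2>', $escaped);
}

// Constructed inputs: the five from the message plus one well-formed line.
$samples = [
    'This is <b<what</b> I have to say.',
    'This is <i><b>what</i></b> I have to say.',
    'This is <b>what<b> I have to say.',
    'This is <b>what /> I have to say.',
    'This is what</b> I have to say.',
    'This is <b>what</b> I have to say.',
];
foreach ($samples as $s) {
    echo render_comment($s), PHP_EOL;
}
```

Only the last sample comes back with a live `<b>` element; the five malformed ones are printed with their angle brackets escaped.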