Robert Cummings wrote:
>>
>> function hiddenInput($document,$name,$value) {
>> $input = $document->createElement("input");
>> $input->setAttribute("type","hidden");
>> $input->setAttribute("name",$name);
>> $input->setAttribute("value",$value);
>> return($input);
>> }
>>
>> Does that answer your question?
>
> That was what I thought.
>
> Cheers,
> Rob.
Is there a reason I shouldn't be doing it that way?
The reasons I like it so much, even though it requires more lines to do
the same thing -
1) Mixing html and php is really ugly and difficult to maintain -
sometimes even a week after I write mixed code I have issues reading it,
especially when mixing html and php inside a loop. It's much easier to
track down a missing } this way.
2) Let's me easily translate to valid html 4.01 for clients that don't
accept xml+html
3) So far I haven't (yet) found an xss attack that works with zero input
validation. Everything I've tried - even the most bizarre filter dodging
tricks - seems to be nicely turned into a text node. For that reason
alone it seems worth it, but that's a side effect of me choosing to do
things that way. A very pleasant one, though.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
