Re: two questions on serverside validation

Hello,
Thanks to all who answered my quotes question. I've got another one.
I've got several combo boxes that are sticky; below is an example of
one and the function. Now I'd like to tighten it up by ensuring that
an external user can't inject values other than value1 or value2 into
the script. This sounds like an array.

<select name="box1" id="box1">
<option value="value1" <?php set_selected('box1', 'value1'); ?>>Value1</option>
<option value="value2" <?php set_selected('box1', 'value2'); ?>>Value2</option>
</select>

function set_selected($fieldname, $value)
{
       // Mark the option as selected only if this field was posted with exactly this value
       if (isset($_POST[$fieldname]) && $_POST[$fieldname] === $value)
               echo 'selected="selected"';
}

Thanks.
Dave.


On 8/25/10, Jan G.B. <ro0ot.w00t@xxxxxxxxxxxxxx> wrote:
> 2010/8/25 Marc Guay <marc.guay@xxxxxxxxx>:
>>> function html($text)
>>> {
>>>        return htmlentities($text, ENT_QUOTES, 'UTF-8');
>>> }
>>>
>>> function htmlout($text)
>>> {
>>>        return html($text);
>>> }
>>
>> Possibly irrelevant, and definitely not related to your questions, but
>> is it just me or is htmlout() a useless function?  Why not just call
>> html() directly?
>
> Why not call htmlentities() directly?
> :-)
> Or: why not use htmlspecialchars() to speed it up?
>
> Regards
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
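
Added example, not part of the original post or thread: one way to do the array-based check asked about above, keeping the allowed values for each select in a single allowlist that drives both the validation and the sticky rendering. The names $allowed, allowed_value() and render_select() are hypothetical; the field name and values mirror the post, and the code assumes PHP 7.1 or later.

```php
<?php
// Allowlist: field name => the only values the server will accept for it.
$allowed = [
    'box1' => ['value1', 'value2'],
];

// Return the submitted value only if it is a plain string that appears in
// the allowlist for $fieldname; otherwise return $default.
function allowed_value(array $input, array $allowed, string $fieldname, ?string $default = null): ?string
{
    if (!isset($allowed[$fieldname], $input[$fieldname])) {
        return $default;               // unknown field or nothing submitted
    }
    $submitted = $input[$fieldname];
    if (!is_string($submitted)) {
        return $default;               // box1[]=x arrives as an array, not a string
    }
    // Third argument true = strict comparison, so no type juggling
    return in_array($submitted, $allowed[$fieldname], true) ? $submitted : $default;
}

// Build the select from the same allowlist, so the form and the check cannot
// drift apart. Only a validated value can make an option sticky.
function render_select(array $input, array $allowed, string $fieldname): string
{
    $current = allowed_value($input, $allowed, $fieldname);
    $name = htmlspecialchars($fieldname, ENT_QUOTES, 'UTF-8');
    $html = '<select name="' . $name . '" id="' . $name . '">' . "\n";
    foreach ($allowed[$fieldname] as $value) {
        $v = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
        $label = htmlspecialchars(ucfirst($value), ENT_QUOTES, 'UTF-8');
        $selected = ($current === $value) ? ' selected="selected"' : '';
        $html .= '<option value="' . $v . '"' . $selected . '>' . $label . "</option>\n";
    }
    return $html . "</select>\n";
}

// Constructed sample submissions standing in for $_POST
$samples = [
    ['box1' => 'value2'],      // accepted
    ['box1' => 'value3'],      // not in the allowlist
    ['box1' => ['value1']],    // array instead of a string
    [],                        // field missing
];
foreach ($samples as $post) {
    var_dump(allowed_value($post, $allowed, 'box1'));
}
echo render_select(['box1' => 'value2'], $allowed, 'box1');
```

In the real form handler, pass $_POST as $input and use the value returned by allowed_value() everywhere downstream instead of reading $_POST['box1'] again.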



