Re: Filtering data not with mysql...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Jason Pruim wrote:

> Hey Everyone,
> 
> Probably a simple question but I wanted to make sure I was right
> before I got to far ahead of my self....
> 
> I have a form that I am working on and this form will be emailed to
> the recipient for processing (Not stored in a database).
> 
> When I store in a database, I simply run all the data through
> mysql_real_escape_string() and it's all good...  Without the database,
> is it just as easy as addslashes($var)? or is there more that needs to
> be done?
> 
> In the end, the info will be echoed back out to the user to be viewed
> but not edited and emailed to someone to add the registration collect
> money, etc etc.
> 
> Am I on the right track or do I need to rethink my whole process? :)
> 
> Thanks Everyone!

Addslashes and mysql_real_escape_string are designed to escape certain
characters which would otherwise cause problems when used in a sql query -
as you aren't using a database, you don't need them here.

For the display you'll want to make sure that html entities are rendered
correctly, so process with htmlentities or htmlspecialchars for display.
There is probably nothing you need to do to the emailed version.


Cheers
-- 
David Robley

Honey, PLEASE don't pick up the PH$@#*&$^(#@&$^%(*NO CARRIER
Today is Prickle-Prickle, the 66th day of Discord in the YOLD 3177. 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux