Hello, all.

I'm getting a bit confused figuring out the best way to insert data into a db via web forms and then pull it out again safely. I know there's lots of information out there, but I was hoping someone could suggest a current, [easy!] best practice.

Specifically, I have the following surely common set of situations:

1. user submits info to db -- how best to screen out html / escape special characters on insert
2. info is publicly displayed -- how best to unescape special characters for display
3. user edits their submission in form populated with their existing data -- again, to screen, but not have the escape characters multiply crazily
4. user updates db -- again, without addition of exciting new escape characters

I'm getting a bit mixed up through all the stages, and if someone would take pity and walk me through this, I, um, would thank you sincerely.

TIA,
Andrew

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
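
The four stages listed in the post, as an added example that is not part of the original message: raw text is stored through bound parameters and HTML-encoded only at output, so nothing accumulates across edits. The `posts` table, the `h()` and `fetchBody()` helpers, and the in-memory SQLite database (requires the `pdo_sqlite` extension) are assumptions for illustration.

```php
<?php
// Added example; table, column and helper names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// HTML-encode only at the moment text is written into a page, never before storage.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Read one row back with a bound parameter.
function fetchBody(PDO $db, int $id): string {
    $q = $db->prepare('SELECT body FROM posts WHERE id = :id');
    $q->execute([':id' => $id]);
    return (string) $q->fetchColumn();
}

// Constructed sample input: both quote types, a backslash and markup.
$submitted = "O'Reilly said \"hi\" \\ <script>alert(1)</script>";

// 1. Insert: the value travels as a bound parameter, so no SQL escaping
//    is applied to the text and the database stores it unchanged.
$ins = $db->prepare('INSERT INTO posts (body) VALUES (:body)');
$ins->execute([':body' => $submitted]);
$id = (int) $db->lastInsertId();

// 2. Public display: encode on the way out; the markup renders as text.
$stored = fetchBody($db, $id);
echo '<p>' . h($stored) . "</p>\n";

// 3. Edit form: the same encoding inside the field. The browser decodes
//    the entities, so the user sees and resubmits the raw text.
echo '<textarea name="body">' . h($stored) . "</textarea>\n";

// 4. Update: simulate the browser posting the decoded field back, then
//    store it through a bound parameter again.
$resubmitted = htmlspecialchars_decode(h($stored), ENT_QUOTES);
$upd = $db->prepare('UPDATE posts SET body = :body WHERE id = :id');
$upd->execute([':body' => $resubmitted, ':id' => $id]);

// Compare the stored value after a full edit cycle with the original input.
var_dump(fetchBody($db, $id) === $submitted);
```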