> I read a few posts about HtmlEditFormat() and was curious, if you are
> taking user input from a form (input type = text or a textarea), should
> you always wrap htmleditformat(form.variable) around the form variable as
> you stick it into the database so as to preserve any single or double
> quotes?
>
> If someone types 5" in an input box or a text area is my example of
> possible problems that may exist...
>
> What are others' thoughts on this?

It depends on what you will use the data for later...

If you will never update the data (using the same or similar form, presumably) and you will never use the data in anything but an html formatted output, then yes, htmleditformatting the form variables before storing them in the database is fine.

If the data ever has to be updated, what ends up happening is that you populate the form with the data, which works fine technically and doesn't break the form, but the user sees these ugly html special characters where they want to see things like double-quotes, greater than or less than symbols, etc. Same sort of thing if you ever want to use the data in anything other than an html formatted output, like a plain-text email (html email is one of my biggest pet peeves)...

So I tend to use htmleditformat only in the actual output on the html page, and use javascript to re-populate forms to prevent double-quotes from breaking my text fields when I update user-defined information...

There are a number of people who will say that using javascript for this is a bad idea because not all users will be able to use the javascript -- to which the only workaround is to then again replace double-quotes with left-double quotes and right-double quotes, which I don't much care for either.

It turns out to be one of those things like sessions and cookies -- at some point a session has to rely on either a cookie or a url-token, neither of which are great solutions for different reasons, but we're forced to put up with the poor solutions because they're the best solutions available.

Isaac Dealey
www.turnkey.to
954-776-0046
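
An added illustration of the storage trade-off discussed in this thread, not code from either poster. It is written in Python, with `html.escape` standing in for `HtmlEditFormat()`; the field name `size` and the sample input are constructed. It compares storing the text as typed against encoding it before storage, and parses the rendered `<input>` to recover the value a browser would display.

```python
import html
from html.parser import HTMLParser


class _ValueReader(HTMLParser):
    """Collects the decoded value attribute of the first <input> tag."""

    def __init__(self):
        super().__init__()
        self.value = None

    def handle_starttag(self, tag, attrs):
        if tag == "input" and self.value is None:
            self.value = dict(attrs).get("value")


def encode_for_html(text):
    # Stand-in (assumption) for HtmlEditFormat(): escapes & < > and quotes.
    return html.escape(text, quote=True)


def render_input(value_markup):
    # The markup is placed in the attribute as given; the caller picks the encoding.
    return '<input type="text" name="size" value="%s">' % value_markup


def value_seen_by_user(markup):
    # Parse the tag the way a browser would and return the decoded field value.
    reader = _ValueReader()
    reader.feed(markup)
    reader.close()
    return reader.value


def demo(user_input='5" pipe'):  # constructed sample input
    stored_raw = user_input                       # policy A: store as typed
    stored_encoded = encode_for_html(user_input)  # policy B: encode before storing
    return {
        # A: encode once, at HTML output time; the edit form round-trips.
        "A_form": value_seen_by_user(render_input(encode_for_html(stored_raw))),
        "A_email": "Size: " + stored_raw,
        # B: output encoding now double-encodes, and plain text shows entities.
        "B_form": value_seen_by_user(render_input(encode_for_html(stored_encoded))),
        "B_email": "Size: " + stored_encoded,
        # No encoding at all: the quote ends the attribute and truncates the field.
        "unencoded_form": value_seen_by_user(render_input(stored_raw)),
    }
```
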

