Gerald Richter wrote:
>
> > How about:
> >
> > [+ $set[$row]{org_name} ? "<BR>$set[$row]{org_name}" : "" +]
> > [+ $set[$row]{address1} ? "<BR>$set[$row]{address1}" : "" +]
> > [+ $set[$row]{address2} ? "<BR>$set[$row]{address2}" : "" +]
> >
> > etc
> >
> > You may need to set $escmode to 0 to stop the <BR> being escaped, I
> > can't remember.
> >
>
> That's very dangerous. You should only use this if you are very sure that
> your data that is coming from @set doesn't contain any characters that need
> to be escaped. You will really get into trouble if you allow somebody to
> enter the data via a web frontend; what if someone types some valid
> JavaScript in? This JavaScript will be executed when the page is displayed...

Ooops. I was just addressing the problem of outputting the data in a
more clean way, obviously there is more code that could check the data
integrity. Sorry that I didn't make that clear. As I see it this was a
question about making the code cleaner, not so much about the bigger
issues relating to how clean data is... when I am getting data from a
web form, I validate it BEFORE putting it into the database. So,
everything coming out of the database is presumed to be clean, because
it was already parsed.
fwiw,
-Neil
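
An added example, not from either poster and written in plain Perl rather than Embperl: it renders the optional fields with the `<BR>` kept as literal markup and each value HTML-escaped at output time, so a stored value that contains markup is displayed as text. The sample rows and the `escape_html` and `render_row` helpers are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample rows standing in for @set. The second org_name is the
# kind of value a web form could have stored in the database.
my @set = (
    { org_name => 'Acme & Sons', address1 => '1 Main St', address2 => '' },
    { org_name => '<script>alert(1)</script>', address1 => 'PO Box 9',
      address2 => undef },
);

# Escape the five characters that are significant in HTML text and attributes.
sub escape_html {
    my ($text) = @_;
    my %entity = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
                  '"' => '&quot;', "'" => '&#39;');
    $text =~ s/([&<>"'])/$entity{$1}/g;
    return $text;
}

# Emit "<BR>value" for each non-empty field. The <BR> is our own markup and
# stays literal; the value is escaped only when $escape is true.
sub render_row {
    my ($row, $escape) = @_;
    my $html = '';
    for my $field (qw(org_name address1 address2)) {
        my $value = $row->{$field};
        next unless defined $value && length $value;
        $html .= '<BR>' . ($escape ? escape_html($value) : $value);
    }
    return $html;
}

# Print both renderings side by side for comparison.
for my $row (@set) {
    print "raw:     ", render_row($row, 0), "\n";
    print "escaped: ", render_row($row, 1), "\n";
}
```

Escaping where the value is written into the page keeps the output safe even if a row reached the database by a path that skipped form validation.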