Hello, all. I'm getting a bit confused figuring out the best way to
insert data into a db via web forms and then pull it out again safely.
I know there's lots of information out there, but I was hoping
someone could suggest a current, [easy!] best practice. Specifically,
I have the following surely common set of situations:
1. user submits info to db
-- how best to screen out html / escape special characters on insert
2. info is publicly displayed
-- how best to unescape special characters for display
3. user edits their submission in form populated with their existing data
-- again, to screen, but not have the escape characters multiply crazily
4. user updates db
-- again, without the addition of exciting new escape characters
I'm getting a bit mixed up through all the stages, and if someone
would take pity and walk me through this, I, um, would thank you
sincerely.
TIA,
Andrew
--
PHP Database Mailing List (http://www.php.net/)
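
Added example (not part of the original post): one way to handle the four stages listed above is to store the text exactly as submitted using bound parameters, and to HTML-encode only when writing it into a page or form. It assumes PDO with an in-memory SQLite database and a hypothetical `posts` table; the helper names and the sample submission are constructed for illustration.

```php
<?php
// Added example: PDO with in-memory SQLite is an assumption; other PDO drivers bind the same way.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Output-side encoding: the only place HTML escaping happens.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// 1. Insert: bind the raw text as a parameter; no manual quoting, no HTML escaping.
function insert_post(PDO $db, string $body): int {
    $stmt = $db->prepare('INSERT INTO posts (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $db->lastInsertId();
}

// 4. Update: same rule, raw text bound as a parameter.
function update_post(PDO $db, int $id, string $body): void {
    $stmt = $db->prepare('UPDATE posts SET body = :body WHERE id = :id');
    $stmt->execute([':body' => $body, ':id' => $id]);
}

function load_post(PDO $db, int $id): string {
    $stmt = $db->prepare('SELECT body FROM posts WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Constructed submission containing a quote, markup and an ampersand.
$raw = "O'Reilly said <b>hi</b> & left";
$id = insert_post($db, $raw);

// 2. Public display: encode at output time, so the markup shows as text.
echo '<p>' . h(load_post($db, $id)) . "</p>\n";

// 3. Edit form: encode for the HTML context; the browser decodes it again,
//    so the form posts back the original raw text.
echo '<textarea name="body">' . h(load_post($db, $id)) . "</textarea>\n";

// Simulate five edit/save cycles with the text the browser would post back.
for ($i = 0; $i < 5; $i++) {
    update_post($db, $id, load_post($db, $id));
}
// Compares the stored text with the original submission.
var_dump(load_post($db, $id) === $raw);
```

Because the database only ever holds the raw text and escaping is applied once per output, there is nothing to unescape on display and nothing that can accumulate across edits.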