That can and should be done with a simple str_replace() on the display portion of the code.

Bastien

Sent from my iPod

On Jan 10, 2009, at 5:01 PM, Stephen <stephe...@rogers.com> wrote:

c...@l-i-e.com wrote:
Rule #1.
Never, ever, ever, alter the user's input, EXCEPT for sanitizing/filtering.
Specifically, do NOT add <br /> tags in place of newlines.
Store the newlines.

Upon OUTPUT, you can use nl2br() to get <br /> tags.
Or str_replace if you want </p> instead.

This is crucial as a habit, down the road, when you later want to put their stuff out as non-HTML such as RSS or PDF or other output mechanisms.

Consider their input as sacrosanct (except for dangerous/evil input)

How do you suggest dealing with a need to allow italics, bold, underlines, etc?

I see forum web sites that allow the user to enter [b]bold text[/b] for example.

I would like to do this.

Anyone have a function to convert this kind of thing to HTML?

Stephen

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
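
The approach discussed in this thread (store the text exactly as entered, convert only when displaying it), sketched as an added example that is not code from any poster here. The function name `render_bbcode` and the sample string are hypothetical, and it uses `preg_replace()` rather than the `str_replace()` mentioned above so that only balanced tag pairs are converted.

```php
<?php
declare(strict_types=1);

/**
 * Render stored user text as HTML at display time (added example).
 * The stored text is never modified; all conversion happens on output.
 */
function render_bbcode(string $raw): string
{
    // 1. Escape any HTML in the stored text first, so the only markup in
    //    the result is what this function generates below.
    $html = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Allow-list of attribute-free BBCode tags and their HTML elements.
    //    Tags with attributes (e.g. [url=...]) need their own validation
    //    and are deliberately left out here.
    $tags = ['b' => 'strong', 'i' => 'em', 'u' => 'u'];

    foreach ($tags as $bb => $el) {
        // Convert balanced pairs only; a stray [b] or [/b] stays as literal
        // text, so a user cannot leave an element open for the rest of the page.
        $pattern     = '~\[' . $bb . '\](.*?)\[/' . $bb . '\]~is';
        $replacement = '<' . $el . '>$1</' . $el . '>';

        // preg_replace() returns null on a PCRE error; keep the escaped text then.
        $html = preg_replace($pattern, $replacement, $html) ?? $html;
    }

    // 3. Newlines become <br /> only here, on output.
    return nl2br($html);
}

// Constructed sample input, as it would sit unmodified in the database.
$stored = "[b]Hello[/b] [i]world[/i]\n<script>alert(1)</script> [u]unclosed";

echo render_bbcode($stored), "\n";
```

The order matters: escaping before the tag conversion means the generated `<strong>`, `<em>` and `<u>` elements are the only HTML that reaches the page, while the same stored text can still be sent unconverted to RSS or PDF output.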

