I've got two questions. I'm having to redo my form. Can you tell me
the difference if any between these two lines of code? This is for
output filtering.

<textarea name="description"> <?php echo htmlout("$description"); ?></textarea>
<textarea name="description"><?php echo htmlout($description); ?> </textarea>

One has the quotes around the parameter in the function call the other
does not. Here's the functions:

function html($text)
        return htmlentities($text, ENT_QUOTES, 'UTF-8');

function htmlout($text)
        return html($text);

My second question is I'm wanting to do input filtering to prevent
anything malicious from coming in to my form. The eventual goal is to
get this information in to a database. Here's an insecure name field
i'm wanting to secure it against html tags, strange text, no symbols
except perhaps period, dash, letters, numbers alpha numeric stuff.

$name = $_POST['name'];

<label for="name">Name*:</label>
<input type="text" name="name" id="name" size="50" value="<?php echo
htmlout($name); ?>" /> <br />

In my previous form i used a variable declaration like:

$name = trim($_POST['name']);
but I can probably do better, as I said this is eventually going in to
a database.

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to