I don't yet have a complete understanding of string encodings for the
various environments they may need to pass through or be in. I have
found bits and pieces within Larry's book, the online docs, and by
my app seems to be working fine, but I don't yet feel confident on "best
practices". So, I thought I'd see if I could spark some feedback to the
1.) Saving strings to a database
2.) print/echo'ing string fields from a database.
a. Allowing HTML?
b. Not allowing HTML?
3.) print/echo'ing string fields into form textareas.
4.) Simply encoding strings to send over a GET request.
5.) Simply displaying strings from the $_REQUEST array.
6.) string encoding for redirects
I understand that some of the above may depend on what database is
being used. However, here is basically what I'm using successfully so
far (disclaimer: obviously I am not sure of things here which is why I
am asking the question ;-) ):
$t_string = mysql_real_escape_string($f_varied_chars); //if using MySQL
(optionally could use htmlspecialchars()?) to not allow
a. Nothing different.. or perhaps htmlspecialchars_decode()?
b. use htmlspecialchars upon saving to database, or using
<textarea..><?PHP print htmlspecialchars($db_string); ?></textarea>?
4.) $t_string = urlencode($t_varied_chars);
//(not sure if htmlentities would be needed in certain situations)
5.) print urldecode($_GET['t_string']);
//(not sure if html_entity_decode() would be needed in certain
situations where you would want to display html?)
ob_end_clean(); // destroy buffer
$t_string = urlencode("text with varied chars");
$t_url = "page.php?f_string=$t_string";
header ("Location: $t_url");
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php