I don't yet have a complete understanding of string encodings for the various environments they may need to pass through or be in. I have found bits and pieces within Larry's book, the online docs, and by googling... and my app seems to be working fine, but I don't yet feel confident on "best practices". So, I thought I'd see if I could spark some feedback to the following:

1.) Saving strings to a database

2.) print/echo'ing string fields from a database.
    a. Allowing HTML?
    b. Not allowing HTML?

3.) print/echo'ing string fields into form textareas.

4.) Simply encoding strings to send over a GET request.

5.) Simply displaying strings from the $_REQUEST array.

6.) string encoding for redirects

I understand that some of the above may depend on what database is being used. However, here is basically what I'm using successfully so far (disclaimer: obviously I am not sure of things here which is why I am asking the question ;-) ):

1.) $t_string = mysql_real_escape_string($f_varied_chars); //if using MySQL
 (optionally could use htmlspecialchars()?) to not allow

2.) print "$db_string";
 a. Nothing different.. or perhaps htmlspecialchars_decode()?
 b. use htmlspecialchars upon saving to database, or using
    print htmlentities($db_string);??

3.) <textarea..><?PHP print htmlspecialchars($db_string); ?></textarea>?

4.) $t_string = urlencode($t_varied_chars);
//(not sure if htmlentities would be needed in certain situations)
<a href="page.php?f_string=$t_string">x</a>

5.)   print urldecode($_GET['t_string']);
//(not sure if html_entity_decode() would be needed in certain situations where you would want to display html?)

6.) ob_end_clean(); // destroy buffer
$t_string = urlencode("text with varied chars");
$t_url = "page.php?f_string=$t_string";
header ("Location: $t_url");


D Brooke

PHP General Mailing List (http://www.php.net/)
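
Added example, not part of the original post: one way to handle the six contexts listed in the question, escaping for each output context at the point of output rather than before storage. It assumes PHP 7+ with the pdo_sqlite extension; the helpers h() and redirect_url(), the notes table and the sample input are constructed for illustration.

```php
<?php
// Added example. Sample input is constructed; in an app it would come from a form.
$input = "O'Reilly <b>& sons</b> \"quoted\" a+b=c?";

// Hypothetical helper: escape for an HTML body or a quoted HTML attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper for 6.): a Location header is not HTML, so only the
// query value is URL-encoded (which also encodes CR and LF).
function redirect_url(string $value): string
{
    return 'page.php?f_string=' . urlencode($value);
}

// 1.) Database: bind the raw string as a parameter; do no HTML escaping
// before storage. Assumption: in-memory SQLite stands in for the real database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notes (body TEXT)');
$pdo->prepare('INSERT INTO notes (body) VALUES (?)')->execute([$input]);
$db_string = $pdo->query('SELECT body FROM notes')->fetchColumn();

// 2b.) HTML not allowed: escape when printing, so markup shows as text.
// (2a, allowing HTML, needs an allow-list HTML sanitizer and is not shown.)
echo '<p>', h($db_string), "</p>\n";

// 3.) Textarea: same escaping; the browser submits the original characters.
echo '<textarea name="body">', h($db_string), "</textarea>\n";

// 4.) Link: urlencode() the query value, then h() the whole URL because it
// is being written into an HTML attribute.
echo '<a href="', h('page.php?f_string=' . urlencode($db_string)), "\">x</a>\n";

// 5.) PHP has already URL-decoded $_GET, so no urldecode(); escape for HTML.
$_GET['f_string'] = $input; // constructed: simulates the request from 4.)
echo '<p>', h($_GET['f_string']), "</p>\n";

// 6.) Redirect: in a web request this would be
// header('Location: ' . redirect_url($input)); exit;
echo redirect_url($input), "\n";
```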