rasmus          Sat Sep 16 01:59:28 2006 UTC

  Modified files:              
    /phpdoc/en/chapters tutorial.xml 
  Log:
  Could someone spruce this up a bit with links to the appropriate parts
  of the docs for the functions and ext/filter?
  
  
http://cvs.php.net/viewvc.cgi/phpdoc/en/chapters/tutorial.xml?r1=1.42&r2=1.43&diff_format=u
Index: phpdoc/en/chapters/tutorial.xml
diff -u phpdoc/en/chapters/tutorial.xml:1.42 
phpdoc/en/chapters/tutorial.xml:1.43
--- phpdoc/en/chapters/tutorial.xml:1.42        Sat Mar 18 23:35:30 2006
+++ phpdoc/en/chapters/tutorial.xml     Sat Sep 16 01:59:28 2006
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="iso-8859-9"?>
-<!-- $Revision: 1.42 $ -->
+<!-- $Revision: 1.43 $ -->
  <chapter id="tutorial">
   <title>A simple tutorial</title>
 
@@ -411,8 +411,8 @@
      <title>Printing data from our form</title>
      <programlisting role="php">
 <![CDATA[
-Hi <?php echo $_POST['name']; ?>.
-You are <?php echo $_POST['age']; ?> years old.
+Hi <?php echo htmlspecialchars($_POST['name']); ?>.
+You are <?php echo (int)$_POST['age']; ?> years old.
 ]]>
      </programlisting>
      <para>
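Review bot: On the added age line, `(int)$_POST['age']` converts an empty or non-numeric value to 0, so the example prints "You are 0 years old." instead of showing that the input was bad. Since this is the tutorial's first example of handling form input, the accompanying text should say so, or the example should check the value before printing it. On the name line, `htmlspecialchars($_POST['name'])` uses the default flags, which is enough here because the value lands in element text. A short remark that a value placed inside a single-quoted attribute needs ENT_QUOTES would keep readers from copying the call into that context unchanged.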
@@ -426,7 +426,13 @@
     </example>
    </para>
    <para>
-    It should be obvious what this does. There is nothing more to it.
+    Apart from the htmlspecialchars() and (int) parts, it should be obvious
+    what this does.  htmlspecialchars() makes sure any characters that are
+    special in html are properly encoded so people can't inject HTML tags
+    or Javascript into your page.  For  the age field, since we know it is
+    a number, we can just convert it to an integer which will automatically
+    get rid of any stray characters.  You can also have PHP do this for you
+    automatically by using the filter extension.
     The <varname>$_POST['name']</varname> and <varname>$_POST['age']</varname>
     variables are automatically set for you by PHP.  Earlier we
     used the <varname>$_SERVER</varname> autoglobal; above we just 
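Review bot: The added sentences write htmlspecialchars() and "the filter extension" as plain text, while the rest of this file marks up function names (`<function>import_request_variables</function>`) and links to reference sections (`<link linkend="reserved.variables.request">`). Use `<function>htmlspecialchars</function>` and link the filter extension to its reference section, as the log message asks. Also fix "html" to "HTML", "Javascript" to "JavaScript", and the double space in "For  the". The new text runs straight into "The $_POST['name'] and $_POST['age'] variables are automatically set for you" within the same para; a paragraph break there would keep the escaping explanation separate from the description of the autoglobals.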
@@ -438,7 +444,7 @@
     You may also use the <link 
linkend="reserved.variables.request">$_REQUEST</link>
     autoglobal, if you do not care about the source of your request data. It 
     contains the merged information of GET, POST and COOKIE data.  Also see 
the 
-    <function>import_request_variables</function> function.
+    <function>import_request_variables</function> function.  
    </para>
    <para>
     You can also deal with XForms input in PHP, although you will find yourself
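Review bot: The only change in this hunk is trailing whitespace added after `</function> function.`; drop it from the commit so the diff stays limited to the content change.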
