NYCPHP Meetup

NYPHP.org

[nycphp-talk] Best practices for form input/output between PHP & MySQL?

D C Krook dkrook at hotmail.com
Wed Sep 17 16:56:36 EDT 2003


Greetings,

I work on a web application that is used to manage tasks and work flow among 
a team of developers and producers.  Clients enter tasks, developers make 
notes and occasionally add code snippets via a standard form with text 
inputs and textarea boxes.

We take care to sanitize user input and data display by way of addslashes(), 
stripslashes(), htmlfunctions(), nl2br() and the like, but occasionally a 
legitimate backslash in a code snippet gets removed when updating a textarea 
containing some code, for example:

escape(document.title.replace(/\+/g,''))
  becomes
escape(document.title.replace(/+/g,''))

Of course, that sort of thing is not easy to catch when you're developing 
such an application (it went unnoticed in our case for quite a few months), 
so I'm wondering if anyone can share some good utility functions that can 
sanitize form input going into a database and information coming from the 
database for display in the browser (with HTML entitized).

In essence, I'd like to hear some thoughts on the most robust way to flesh 
out the following functions:


function sanitizeInputForDB ($strFieldInput) {

}

function formatDataForDisplay ($strData, $isTextArea = false) {
	if (!$isTextArea) {

	} else {

	}
}


TIA,
-Dan



==========================================
Daniel Christer Krook
http://krook.net/ || http://krook.info/
http://civet.net/ || http://dev.krook.org/

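The following is an added example, not code from the original post or from the list. It contrasts the generic addslashes()/stripslashes() round trip with escaping that is specific to each output context: bound parameters for the database write and htmlspecialchars()/nl2br() for the HTML display. It assumes a current PHP with the PDO SQLite driver as a stand-in for the MySQL functions of the time, and the "server unquotes the literal" step of the fragile pipeline is simulated with stripslashes() rather than by a real MySQL round trip. The table name, the function names and the code snippet are constructed for the illustration; only formatDataForDisplay() takes its signature from the post.

```php
<?php
// Added example (not from the original post). Assumes PHP >= 7.1 with PDO SQLite.
// The snippet below is constructed; it carries the one real backslash that the
// post reports losing on an update round trip.
$snippet = "escape(document.title.replace(/\\+/g,''))";

// ---- Fragile pipeline: generic slash juggling --------------------------------
// addslashes() prepares a value for a quoted SQL literal; the server removes that
// escaping when it parses the statement, so the stored value is the raw text.
// Applying stripslashes() to what comes back out then removes the real backslash.
function fragileSave(string $input): string
{
    $escaped = addslashes($input);   // \+ becomes \\+ inside the SQL literal
    return stripslashes($escaped);   // simulates the server unquoting the literal
}

function fragileShow(string $fromDb): string
{
    // Assumes (wrongly) that the value read from the database is still slashed.
    return nl2br(htmlspecialchars(stripslashes($fromDb), ENT_QUOTES, 'UTF-8'));
}

// ---- Context-specific pipeline ------------------------------------------------
// Bound parameters hand the raw value to the driver; nothing is escaped by hand,
// so there is nothing to strip later. This replaces sanitizeInputForDB() entirely.
function safeSave(PDO $db, string $input): int
{
    $stmt = $db->prepare('INSERT INTO notes (body) VALUES (:body)');
    $stmt->execute([':body' => $input]);
    return (int) $db->lastInsertId();
}

function safeLoad(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT body FROM notes WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Escape exactly once, for the HTML context the value lands in. Inside a
// <textarea> the browser decodes entities and preserves line breaks itself, so
// no nl2br(); in ordinary page text, convert newlines after escaping.
function formatDataForDisplay(string $data, bool $isTextArea = false): string
{
    $escaped = htmlspecialchars($data, ENT_QUOTES, 'UTF-8');
    return $isTextArea ? $escaped : nl2br($escaped);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

$id        = safeSave($db, $snippet);
$roundTrip = safeLoad($db, $id);

echo "fragile display : ", fragileShow(fragileSave($snippet)), "\n";
echo "textarea value  : ", formatDataForDisplay($roundTrip, true), "\n";
echo "page text       : ", formatDataForDisplay("line one\nline two <b>"), "\n";
echo "backslash intact: ", ($roundTrip === $snippet ? 'yes' : 'no'), "\n";
```

Run it with `php example.php`. The fragile line shows the `/+/g` form from the post, while the bound-parameter path returns the snippet byte for byte; the only transformation applied to it is the HTML escaping at display time. The same rule applies to magic_quotes_gpc on the input side: if the runtime has already added slashes, stripping them before binding (or turning the setting off) keeps the stored value equal to what the user typed.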