NYCPHP Meetup

[Justin Hileman]

Paul A Houle wrote:
>
>     It might be an irresponsible namespace grab,  but I've got a
> function that is (almost)
>
> function Q($s) { echo htmlspecialchars($s) };
>
>     and I get into the habit of writing <?php Q($string) ?> in my
> templates so I'm not writing hundreds of HTML injection bugs all day..

For bonus points, I'm a fan of something this:

function _($string) { echo htmlspecialchars(l10n($string)); }

Then <?php _($string) ?> does double duty: it escapes what you need to 
escape, and runs the string through a localization lookup function or table.

-- 
justin
http://justinhileman.com