Re: PHP form Creates Blank DB entries

From: Bruno Wolff III <bruno(at)wolff(dot)to>
To: Jeff <jam(at)zoidtechnologies(dot)com>
Cc: Frank Bax <fbax(at)sympatico(dot)ca>, pgsql-php(at)postgresql(dot)org
Subject: Re: PHP form Creates Blank DB entries
Date: 2003-07-01 13:46:57
Message-ID: 20030701134657.GA1999@wolff.to
Lists: pgsql-php
On Mon, Jun 30, 2003 at 18:22:59 -0400,
  Jeff <jam(at)zoidtechnologies(dot)com> wrote:
> 
> also, I would suggest running each of the variables through a function that
> strips out html tags (since you don't really care about allowing them in
> this case, right?).. you can do that with strip_tags.. see
> http://php.net/strip_tags

Wouldn't it be better to replace <, >, " and & with &lt;, &gt;, &quot; and
&amp;, respectively, since those characters could legitimately appear
in at least some of those strings?
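
Added example, not part of the original message or thread: a side-by-side comparison of the two approaches discussed above, stripping tags with strip_tags versus escaping the four characters with htmlspecialchars. The helper names and sample form values are constructed for illustration.

```php
<?php
// Added illustration; sample inputs are constructed, not from the thread.

// Escape the four characters named in the message: < > " &
function escape_for_html(string $s): string
{
    // ENT_COMPAT escapes double quotes but not single quotes, matching the
    // four replacements listed. Use ENT_QUOTES instead if the value can end
    // up inside a single-quoted HTML attribute.
    return htmlspecialchars($s, ENT_COMPAT | ENT_SUBSTITUTE, 'UTF-8');
}

// Run both approaches on one form value and report what each one did.
function compare(string $input): array
{
    $stripped = strip_tags($input);
    $escaped  = escape_for_html($input);

    return [
        'input'              => $input,
        'strip_tags'         => $stripped,
        'escaped'            => $escaped,
        // strip_tags is lossy whenever it changed the text at all
        'strip_lost_data'    => $stripped !== $input,
        // strip_tags does not touch " or &, so these can survive it
        'strip_left_special' => strpbrk($stripped, '<>"&') !== false,
        // escaping is reversible: decoding gives back the original value
        'escape_round_trips' =>
            htmlspecialchars_decode($escaped, ENT_COMPAT) === $input,
        // no raw <, > or " remains in the escaped form
        'escaped_is_inert'   => strpbrk($escaped, '<>"') === false,
    ];
}

// Constructed form values: legitimate text that happens to contain the
// special characters, plus one value that contains real markup.
$samples = [
    'Smith & Sons',
    'budget <5000 per year',
    'He said "call me" <after 5pm>',
    'monitor, 17" <b>flat</b>',
];

foreach ($samples as $s) {
    print_r(compare($s));
}
```

Running it shows, for each value, whether strip_tags dropped text the user actually typed and whether quotes or ampersands passed through it unchanged, next to the escaped form that decodes back to the original.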
