Re: PHP form Creates Blank DB entries

From: Bruno Wolff III <bruno(at)wolff(dot)to>
To: Jeff <jam(at)zoidtechnologies(dot)com>
Cc: Frank Bax <fbax(at)sympatico(dot)ca>, pgsql-php(at)postgresql(dot)org
Subject: Re: PHP form Creates Blank DB entries
Date: 2003-07-01 13:46:57
Message-ID: 20030701134657.GA1999@wolff.to
Lists: pgsql-php

On Mon, Jun 30, 2003 at 18:22:59 -0400,
Jeff <jam(at)zoidtechnologies(dot)com> wrote:
>
> also, I would suggest running each of the variables through a function that
> strips out html tags (since you don't really care about allowing them in
> this case, right?).. you can do that with strip_tags.. see
> http://php.net/strip_tags

Wouldn't it be better to replace <, >, " and & with &lt;, &gt;, &quot; and
&amp;, respectively since those characters could legitimately appear
in at least some of those strings?
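
The two approaches discussed in this message, side by side, as an added example that is not part of the original message or thread. The field names, sample values and the `escape_for_html` helper are constructed for illustration; escaping is applied when the value is written into HTML, so the stored value stays intact.

```php
<?php
// Added illustration: compares strip_tags() with entity escaping on
// constructed form values. Nothing here comes from the original thread.

// Hypothetical helper: escape a value at the point it is written into HTML.
// ENT_QUOTES also covers the single quote, one character more than the
// four named in the message above.
function escape_for_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample input: two legitimate strings that happen to contain
// <, >, " or &, and one string that really is markup.
$samples = [
    'company' => 'Smith & Sons "Hardware"',
    'comment' => 'Need bolts <5mm and >2mm long',
    'markup'  => '<b onmouseover="x()">hello</b>',
];

foreach ($samples as $field => $raw) {
    $stripped = strip_tags($raw);        // removes anything that looks like a tag
    $escaped  = escape_for_html($raw);   // keeps every character, neutralised

    // Escaping is reversible, so no user data is lost; stripping is not.
    $roundTrips = htmlspecialchars_decode($escaped, ENT_QUOTES) === $raw;

    echo $field, "\n";
    echo '  raw:      ', $raw, "\n";
    echo '  stripped: ', $stripped,
         ($stripped === $raw ? '' : '   (content changed)'), "\n";
    echo '  escaped:  ', $escaped,
         ($roundTrips ? '   (original recoverable)' : ''), "\n\n";
}
```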
