>"Chris W. Parker" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]>01.ati.local...
>Torsten Roehr <mailto:[EMAIL PROTECTED]>
>    on Wednesday, June 30, 2004 10:03 AM said:
>
>> 1. get data from DB
>> 2. convert for valid HTML output (stripslashes(), htmlentities())
>> 3. output as HTML (into the form elements)
>> 4. get POST data
>> 5. escape POST data and insert into DB again
>
>two comments:
>
>first comment:
>
>re: #2. why stripslashes()? if you've properly escaped your data before
>the INSERT the slashes should be non-existent on the way out should they
>not?

Correct. My fault.

>
>second comment:
>
>you forgot #4.5 *validate* data to your specifications

Correct also. But I was focusing on the quote problem ;)

Torsten

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
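
The round trip discussed in this thread, including the validation step (#4.5) and without stripslashes(), as an added example that is not code from any poster. It uses PDO bound parameters in place of manual escaping for step 5; the in-memory SQLite database (needs pdo_sqlite), the notes table, the function names and the 1-100 character rule are all assumptions.

```php
<?php
// Hypothetical schema and names; in-memory SQLite keeps the example self-contained.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, title TEXT NOT NULL)');

// Step 5: bound parameters replace manual escaping, so no slashes are ever stored.
function saveTitle(PDO $db, int $id, string $title): void
{
    $stmt = $db->prepare('INSERT OR REPLACE INTO notes (id, title) VALUES (:id, :title)');
    $stmt->execute([':id' => $id, ':title' => $title]);
}

// Step 1: read the raw value back from the DB.
function loadTitle(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT title FROM notes WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Steps 2-3: encode for the HTML attribute context only; no stripslashes() needed.
function renderField(string $value): string
{
    return '<input type="text" name="title" value="'
        . htmlentities($value, ENT_QUOTES, 'UTF-8') . '">';
}

// Step 4.5: validate to the application's rule (assumed: 1-100 bytes, no control chars).
function validateTitle($raw): ?string
{
    if (!is_string($raw)) {
        return null;
    }
    $title = trim($raw);
    if ($title === '' || strlen($title) > 100 || preg_match('/[\x00-\x1F\x7F]/', $title)) {
        return null;
    }
    return $title;
}

// Step 4: constructed sample input standing in for $_POST.
$post = ['title' => 'He said "it\'s <b>fine</b>"'];
$title = validateTitle($post['title'] ?? null);
if ($title === null) {
    exit("rejected\n");
}
saveTitle($db, 1, $title);
$stored = loadTitle($db, 1);
var_dump($stored === $title);       // stored value equals the validated input
echo renderField($stored), "\n";    // quotes and tags appear as entities in the form
```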
