On Wed, 26 Jan 2005 13:07:34 -0800 (PST), Richard Lynch <[EMAIL PROTECTED]> wrote: > Ben Edwards wrote: > > On Tue, 25 Jan 2005 17:02:21 -0800, Chris <[EMAIL PROTECTED]> > > wrote: > >> You should probably use get_magic_quotes_runtime() , as _gpc only > >> applies to GET/POST/COOKIE, > >> > >> htmlspecialchars is needed so the HTML can be parsed properly: > > > > So this is this only done to stuff that is to be displayed on a web > > page? What happens if it is done to stuff that is (possibly) also > > passed through addslashes and written to the database. > > Don't do it.
Don't worry, I wont. Databases are for data. I would'nt dream of polluting them with HTML;) > What if tomorrow you decide you need to output a PDF as well as your HTML > from that same data -- You've got all those funky htmlspecialchars() in > your database that have NOTHING to do with your data. They are only > needed for the HTML presentation of your data. Seperation of data and presentation and logic, precisely. Ben > For example, I have a web-site where we have had an on-line calendar for > ages. A few years ago, I found out the client was re-typing all his > calendar items (a hundred a month) into three different software packages, > just so he could get a print-out for flyers/handouts of his calendar of > events. > > Silly client. > > Now his web-site provides him with a PDF of his calendar with a single > click, instead of 4 hours of drudge-work every month copying data from A > to B by hand. There ain't no htmlspecialchars() in the database, thank > [deity], or I'd have to un-do that just to make the PDF. Ugh! > > -- > Like Music? > http://l-i-e.com/artists.htm > > -- Ben Edwards - Poole, UK, England WARNING:This email contained partisan views - dont ever accuse me of using the veneer of objectivity If you have a problem emailing me use http://www.gurtlush.org.uk/profiles.php?uid=4 (email address this email is sent from may be defunct) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php