Paul A Houle wrote:

    It might be an irresponsible namespace grab, but I've got a function that is (almost)

function Q($s) { echo htmlspecialchars($s); }

    and I get into the habit of writing <?php Q($string) ?> in my
templates so I'm not writing hundreds of HTML injection bugs all day..

For bonus points, I'm a fan of something like this:

function _($string) { echo htmlspecialchars(l10n($string)); }

Then <?php _($string) ?> does double duty: it escapes what you need to escape, and runs the string through a localization lookup function or table.

--
justin
http://justinhileman.com
_______________________________________________
New York PHP User Group Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
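
The helper pattern from the messages above, as an added example (not code from either poster): it returns the escaped string instead of echoing, sets the htmlspecialchars() flags explicitly, and escapes after the localization lookup. The names h(), t() and $CATALOG are hypothetical; t() is used rather than _() because PHP already defines _() as an alias of gettext() when the gettext extension is loaded.

```php
<?php
// Added example, not from the thread. h(), t() and $CATALOG are hypothetical names.
declare(strict_types=1);

// Constructed message catalog standing in for the l10n() lookup mentioned above.
$CATALOG = [
    'Welcome back, %s' => 'Bienvenue, %s',
];

// Escape for HTML text and quoted-attribute contexts. Flags are explicit so
// single quotes are escaped on PHP < 8.1 too (the old default was ENT_COMPAT)
// and invalid UTF-8 becomes U+FFFD instead of an empty string.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Translate, fill in placeholders, then escape the finished string once, so
// both the catalog text and the user-supplied arguments are escaped.
function t(string $msgid, string ...$args): string
{
    global $CATALOG;
    $template = $CATALOG[$msgid] ?? $msgid;   // fall back to the source string
    return h(vsprintf($template, $args));
}

// Constructed hostile input for the two contexts shown in the template below.
$name  = "<script>alert(1)</script>";
$title = "x' onmouseover='alert(1)";
?>
<p><?= t('Welcome back, %s', $name) ?></p>
<a href="/profile" title='<?= h($title) ?>'>profile</a>
```

htmlspecialchars() covers element text and quoted attribute values only; values placed in URLs, script blocks or unquoted attributes need encoding specific to that context.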
