From: Jirka P. <fi...@us...> - 2002-04-29 13:51:52
I tested it heavily and I see a need to change it completely. It's not clean how the strings submitted by a form are handled. Somewhere they are inserted into the database as is. Somewhere they are converted with htmlspecialchars or something similar.

Here the magic quotes are entering the game. We have to set them to 'on'. And don't convert any string before inserting it into the database, because there are 3 cases in which we are printing out the string. One is pure HTML (text in a paragraph etc.) and the second is form input. In a paragraph, we _can_ put it unformatted, while in form input we _must_ print it out with double quotes translated into "&quot;". The last is textarea, which has no need to slash or translate the quotes.

There is also a problem with the use of the mail function and conversion of special characters. I think the best way to send e-mail is to convert it into quoted-printable, encoded with $STRING['lang_charset'].

Ugh, that's all. If there is no reason for not repairing it, please tell me before I start with it.

Jirka
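
The three output cases and the quoted-printable mail body from the message above, as an added example that is not part of the original post or the project's code. It assumes PHP 7 or later and strings stored raw in the database; the helper names, the sample string and the 'UTF-8' value standing in for $STRING['lang_charset'] are hypothetical.

```php
<?php
// Added example: keep the stored string raw and escape it at output time,
// once per output context. All helper names here are hypothetical.

// Constructed sample input, as it would come back from the database.
$stored  = 'Tom said "hi" & left </textarea><b>bold</b>';
$charset = 'UTF-8'; // assumption: stands in for $STRING['lang_charset']

// Case 1: text inside a paragraph. Escaping &, < and > makes markup in the
// data display as text instead of being interpreted by the browser.
function out_html(string $s, string $charset): string {
    return htmlspecialchars($s, ENT_NOQUOTES, $charset);
}

// Case 2: value of a quoted attribute in a form input. Quotes must become
// entities as well, or the data can end the attribute early.
function out_attr(string $s, string $charset): string {
    return htmlspecialchars($s, ENT_QUOTES, $charset);
}

// Case 3: textarea body. Quotes may stay literal, but & and < still need
// escaping, otherwise "</textarea>" inside the data closes the element.
function out_textarea(string $s, string $charset): string {
    return htmlspecialchars($s, ENT_NOQUOTES, $charset);
}

// Mail: quoted-printable body plus headers that declare the charset and
// the transfer encoding, so the receiving client decodes it correctly.
function mail_body_qp(string $s): string {
    return quoted_printable_encode($s);
}

function mail_headers(string $charset): string {
    return "MIME-Version: 1.0\r\n"
         . "Content-Type: text/plain; charset={$charset}\r\n"
         . "Content-Transfer-Encoding: quoted-printable";
}

// Render the same stored string in each context.
echo '<p>' . out_html($stored, $charset) . "</p>\n";
echo '<input type="text" name="note" value="' . out_attr($stored, $charset) . "\">\n";
echo '<textarea name="note">' . out_textarea($stored, $charset) . "</textarea>\n";

// Build (but do not send) the mail parts for a constructed non-ASCII body.
echo mail_headers($charset) . "\n\n";
echo mail_body_qp("Dobrý den, řetězec: " . $stored) . "\n";
```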