From: Rafael C. <raf...@gm...> - 2014-09-27 15:20:26
Hi,

On AccountGroups.php, in line 320 we have:

<td>' . htmlspecialchars($myrow['groupname'], ENT_QUOTES,'UTF-8') . '</td>

but in lines 321 and 324 we have:

<td>' . $myrow['sectionname'] . '</td>
...
<td>' . $myrow['parentgroupname'] . '</td>

The htmlspecialchars() function converts some predefined characters to HTML entities [ & (ampersand) becomes &amp; ; " (double quote) becomes &quot; ; ' (single quote) becomes &#039; ; < (less than) becomes &lt; ; > (greater than) becomes &gt; ].

My questions:

1. Is there any reason to use it in account-group-name, but not in account-section-name nor in account-parent-group-name?

2. How often do you find these characters (ampersand, double quote, single quote, less than, greater than) in those names?

My proposal: if these characters (ampersand, double quote, single quote, less than, greater than) are very, very infrequent in those names, we can:

a) Declare these characters as "invalid" and filter them in the "input-procedure" (procedure used infrequently) and eliminate the use of the htmlspecialchars() function in the "display-procedure" (procedure used frequently). Or,

b) Convert/Unconvert these characters to store them as "HTML entities" in the database in the "input-procedure" (procedure used infrequently) and eliminate the use of the htmlspecialchars() function in the "display-procedure" (procedure used frequently) by using data "as-is" in the database.

Technical comments, opinions, suggestions?

Best regards,
Rafael.
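Added example (not the project's own code and not part of the message above): the same htmlspecialchars() call applied to all three columns at display time, with the row layout and column names taken from the snippet quoted above, plus what happens at display time if a value has already been stored as entities (option b). The sample rows are constructed.

```php
<?php
// Output encoding applied uniformly: every cell goes through the same call,
// so a name containing & " ' < > is shown literally by the browser instead of
// being parsed as markup, regardless of which column it ends up in.
function encodeCell(string $value): string
{
    // ENT_QUOTES covers both quote styles; 'UTF-8' matches the page charset.
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Renders one account-group row; $myrow mirrors the keys used on the page.
function renderGroupRow(array $myrow): string
{
    return '<tr>'
        . '<td>' . encodeCell($myrow['groupname']) . '</td>'
        . '<td>' . encodeCell($myrow['sectionname']) . '</td>'
        . '<td>' . encodeCell($myrow['parentgroupname']) . '</td>'
        . '</tr>';
}

// Constructed sample rows (not real data). Values are stored raw in the
// database and encoded only here, at display time.
$rows = [
    ['groupname' => 'Fixed Assets', 'sectionname' => 'Assets',
     'parentgroupname' => ''],
    ['groupname' => 'R&D <Europe>', 'sectionname' => '"Overhead"',
     'parentgroupname' => "O'Brien & Sons"],
];

foreach ($rows as $row) {
    echo renderGroupRow($row), PHP_EOL;
}

// Option (b) stores entities in the database. If the display code still
// encodes, the stored "&amp;" becomes "&amp;amp;" (double encoding), and the
// user sees the literal text "&amp;" on the page. htmlspecialchars() has a
// fourth parameter, double_encode, that leaves existing entities untouched.
$storedAsEntities = htmlspecialchars('R&D', ENT_QUOTES, 'UTF-8');
echo htmlspecialchars($storedAsEntities, ENT_QUOTES, 'UTF-8'), PHP_EOL;        // double-encoded
echo htmlspecialchars($storedAsEntities, ENT_QUOTES, 'UTF-8', false), PHP_EOL; // entities kept
```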