Isn't inserting good data and getting it out of a db a pain in the a$$?
I am going to be using the Markdown text to HTML parser
(http://daringfireball.net/projects/markdown/dingus) for creating HTML
from user input (for a bespoke CMS) so that users can put in their own
headings, lists and links etc.
This is great and gets round all the issues of apostrophes etc. when
inserting informaiton into a database for me.
However for other fields such as Username, First Name, Address etc. I
still need to be able to cleanly add in slashes (as well as other HTML
elements such as $ and &).
Is there a good solid idiot proof solution to this, bearing in mind
that from server to server things like magic quotes will change.
My thoughts are to create a function like this below to use before
constructing SQL statements:
function prep_for_db( $value ) {
if ( ini_get('magic_ quotes_gpc') != true ){
$value = addslashes( $value );
}
//some other XHTML related find and replace stuff for &, $, £ etc.
return $value
}
The second issue is that of replacing elements such as &, $ and £ (is
there a function out there for replacing these chars or do I need to
build my own?). If I replace these with things like & they will
start taking up my characters in my db fields. Would it be prudent to
just parse text on the way out of the db or is this gonna slow down
general browsing?
Any help and advice from more experienced PHPers would be greatly
appreciated.
Regards,
Rick
www.e-connected.com
