11-24-2008, 12:49 PM
|
#1 (permalink)
|
|
The Wanderer
Join Date: Nov 2008
Location: Yorkshire, England
Posts: 8
Thanks: 1
|
PHP Security: Escape Output
PHP Security: Escape Output
In the Zend Certification Study Guide it says:
Quote:
|
Originally Posted by Study Guide
If you prepare output by escaping it and storing it to a specific array, you can then use the latter’s contents without having to worry about whether the output has been escaped.
If you encounter a variable in your script that is being outputted and is not part of this array, then it should be regarded suspiciously. This practice will help make your code easier to read and maintain. For this example, assume that the value for $user_message comes from a database result set.
|
PHP Code:
$html = array();
$html[’message’] = htmlentities($user_message, ENT_QUOTES, ’UTF-8’);
echo $html[’message’];
So my qestion is, why an array? I can not see how that makes any difference than doing:
PHP Code:
echo htmlentities($user_message, ENT_QUOTES, ’UTF-8’);
or more simular
PHP Code:
$user_message = htmlentities($user_message, ENT_QUOTES, ’UTF-8’);
echo $user_message;
__________________
NuWeb
|
|
|
|
Join the friendly bunch on IRC...
Threaded Mode
