[thelist] PHP_SELF / Contact Form

DAVOUD TOHIDY dtohidy at hotmail.com
Wed Aug 4 15:52:20 CDT 2010

> From: moseley at hank.org
> Date: Wed, 4 Aug 2010 13:27:45 -0700
> To: thelist at lists.evolt.org
> Subject: Re: [thelist] PHP_SELF / Contact Form
> On Wed, Aug 4, 2010 at 1:11 PM, DAVOUD TOHIDY <dtohidy at hotmail.com> wrote:

> Yes, stop digging yourself into a hole. ;)
> If you followed the advice weeks earlier then you would just:
> 1) never escape the data on input.
> 2) use the correct escape method when using that data.
> (Meaning using bind parameters when writing to the database, and html
> escaping when rendering to, eh, html)
> And 3) I'd probably just use <pre> (or maybe white-space:pre) to render the
> text as the user entered it if that's important.  Or render it again in the
> text area, which is what you probably want in this case.
> Simple approaches are best.
> I'd also search for a PHP template engine to avoid mixing markup and php
> code. (But, maybe with PHP markup does belong on the code??)
> -- 
> Bill Moseley
> moseley at hank.org
> -- 

well I will surely do it later I mean in regards to escaping..I am now experimenting.

But again I found a very nice solution for the carriage:

I now have the following (notice the chr(13) that i added ):

<?php  $message = str_replace(array("\r\n", "\n", "\r"),chr(13),$message); echo($message)?>

So without the mysql_real_escape_string that works just fine.

However as I mentioned I would like to have mysql_real_escape_string.

So please provide solution :)

I am now going home from work do I will reply tomorrow.

Thanks for your input.


More information about the thelist mailing list