Search found 19 matches
- Sun May 14, 2006 12:26 pm
- Forum: PHP - Code
- Topic: Quirky PHP question (variables in MYSQL statements)
- Replies: 7
- Views: 718
Never ever ever build SQL statements by directly dumping variables into the string. Do this instead: $sql = 'SELECT * FROM books WHERE book_id = %d'; $sql = sprintf($sql, $book_id); The %d sprintf() token is for integers. Whatever $book_id is, be it a number, boolean, string, whatever, it won't brea...
- Sun May 14, 2006 12:19 pm
- Forum: PHP - Code
- Topic: Code to get field value from DB not working
- Replies: 4
- Views: 462
- Sun May 14, 2006 12:15 pm
- Forum: PHP - Code
- Topic: editing a XML file
- Replies: 9
- Views: 449
Holy crap. Don't do that. $doc = DOMDocument::load('yourfile.xml'); $root = $doc->documentElement; $item = $doc->createElement('item'); $item->setAttribute('name', 'Test3'); $item->appendChild($doc->createElement('category', 'Other')); $item->appendChild($doc->createElement('serial', '1234')); $root...
- Sun May 14, 2006 12:09 pm
- Forum: PHP - Code
- Topic: HTML Encode / Decode
- Replies: 3
- Views: 454
printf('<textarea>%s</textarea>', htmlspecialchars($string, ENT_NOQUOTES, 'UTF-8')); ... 100% bulletproof. ENT_NOQUOTES (vs. ENT_COMPAT or ENT_QUOTES) disables quote encoding, as it's not needed outside of attribute markup. Setting the encoding type really isn't so important with htmlspecialchars()...