Coding Critique is the place to post source code for peer review by other members of DevNetwork. Any kind of code can be posted. Code posted does not have to be limited to PHP. All members are invited to contribute constructive criticism with the goal of improving the code. Posted code should include some background information about it and what areas you specifically would like help with.
Popular code excerpts may be moved to "Code Snippets" by the moderators.
I am creating a blog that will have user input which might sometimes consist of code samples. The data would be stored inside a database, so I would use mysql_real_escape_string() when inserting the data and stripslashes() when displaying the data. Below is the PHP code that I created to help decide which method would be best:
The user input is displayed as 'sample code' without being parsed. I tried using the HTML tags <code></code> instead of <pre></pre>, but I want the 'code' entered to be displayed as the user enters it into the textarea. Is this a (relatively) secure method for allowing visitors to post code samples?
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
My answer to any questions as to why use str_replace instead of htmlentities: the only problematic characters are < and >, and so only these really need changing. Changing everything is just superfluous.
To social_experiment: did your test answer your own question regarding the JavaScript? If not, the script will be output as text, not as code, because of the str_replace converting < and >.
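An added example to make the str_replace versus htmlspecialchars comparison concrete (this is editor-supplied code, not the original poster's script or any replier's). It escapes one constructed sample two ways, echoes it between <pre></pre> tags, and then checks whether decoding the escaped text gives back exactly what the visitor typed, which is what a browser does with text content inside <pre>. The function names escape_angle_brackets_only, escape_for_html, render_code_sample and displays_as_typed, and the sample input, are assumptions for this example and do not appear in the thread.

```php
<?php
// Added example: escaping a user-submitted code sample for display inside
// <pre></pre>. Function names and the sample input are constructed for this
// example; they are not from the original post.

// The approach discussed in the thread: only < and > are replaced, which is
// enough to stop a <script> tag from being parsed as markup in text content.
function escape_angle_brackets_only(string $text): string
{
    return str_replace(['<', '>'], ['&lt;', '&gt;'], $text);
}

// The htmlspecialchars() alternative: &, ", ' , < and > are all escaped, so a
// literal "&lt;" typed by the visitor is shown as "&lt;" rather than as "<",
// and the same string is also safe to place inside an attribute value.
function escape_for_html(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Wrap the escaped sample in <pre> so whitespace and line breaks survive.
function render_code_sample(string $text): string
{
    return '<pre>' . escape_for_html($text) . '</pre>';
}

// Approximates what the browser shows for escaped text content: decode the
// entities and compare with what the visitor actually typed.
function displays_as_typed(string $escaped, string $original): bool
{
    return html_entity_decode($escaped, ENT_QUOTES | ENT_HTML401, 'UTF-8') === $original;
}

// Constructed sample: a script tag plus a literal HTML entity, the kind of
// thing a visitor posting about HTML itself would paste into the textarea.
$sample = "<script>alert('test')</script>\n"
        . "&lt;b&gt; is how you write a bold tag";

$minimal = escape_angle_brackets_only($sample);
$full    = escape_for_html($sample);

echo "str_replace version:\n", $minimal, "\n\n";
echo "htmlspecialchars version:\n", render_code_sample($sample), "\n\n";

// The str_replace version leaves "&lt;b&gt;" untouched, so the browser
// decodes it and shows "<b>", not what the visitor typed. The
// htmlspecialchars version escapes the ampersand as well and round-trips.
var_dump(displays_as_typed($minimal, $sample));
var_dump(displays_as_typed($full, $sample));
```

Both versions neutralise the script tag once the text sits between <pre></pre>; the difference is that the str_replace version only reproduces the visitor's input faithfully when that input contains no ampersand, and it is not safe to reuse inside an attribute. Note also that mysql_real_escape_string() is an SQL-query escaping step, not an HTML one: the value stored in the database has no backslashes added by it, so the HTML escaping above is what has to happen on output regardless of how the row was inserted.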
Yes, I found that the 'code' is displayed as text, as it should be; I can just echo that $replaced_text between <pre></pre> tags and would get the same result (I think).
Thanks for the critique