Hello all, I am coding a small Project.
I have a form that allows HTML data, this is then added to the database.
^ Data is submited via Admins but should any data validation be done? addslashes ext…
I then export that data via a XML to the website. (done via xml, as same data is used on 2 sites).
Im having problems iwth people useing ’ or ` …
Useing SimpleXML (dom) to output xml data… Any assitance or articles much appreatiated.
(sorry for the post, im in a rush, and rush for a solution.)
Personally, I think the best way to deal with HTML data is to actually use XHTML.
You can create a form that creates the XHTML, and on the PHP side, you can just load the XHTML as XML and validate it against the XHTML DTD or Schema, and insert it if its valid. If the complete DTD or Schema is an overkill (especially because it will require you to either download all modules or connect remotely to W3C), you can always define your own subset.
For the sake of the DB, you should use whatever function is provided to escape strings or add parameters into a query. In the case of MySQLi for example, you have mysqli_real_escape_string() or [url=http://bg.php.net/manual/en/mysqli-stmt.bind-param.php]mysqli_stmt_bind_param() if you use prepared statements.