[GLLUG] Syntax checking

Ben Pfaff blp@cs.stanford.edu
20 Mar 2002 17:46:49 -0800


Mike Szumlinski <szumlins@msu.edu> writes:

>         while ($myrow = mysql_fetch_row($result))
>         {
>         
>         printf("<i>$myrow[2]</i><p>\n");
>         printf("$myrow[0]<br>\n");
>         printf("<font size='-1'>Posted by $myrow[1]</font></p>");
> 
>         }

Are you sure that you want printf() at all?  At least in C this
interprets escapes that begin with %, so any %s in your input
will cause a lot of trouble at the language level, not to mention
the HTML level.

There is probably an "HTML escape" function somewhere in your
language seeing as it is targeted for HTML applications.  Look
for that.  Failing that, you can always do manual escapes.
Here's the way it would look in Perl (I don't know PHP):

        foreach $c (split (//, $myrow[1])) {
                # '&' must become '&amp;' (not '&nbsp;', which is a
                # non-breaking space and would corrupt the text)
                if ($c eq '&') { print "&amp;"; }
                elsif ($c eq '<') { print "&lt;"; }
                elsif ($c eq '>') { print "&gt;"; }
                else { print $c; }
        }

Of course, this being Perl, there is More Than One Way To Do It,
but something like that would work.
-- 
<blp@cs.stanford.edu> <pfaffben@msu.edu> <pfaffben@debian.org> <blp@gnu.org>
Stanford Ph.D. Student - MSU Alumnus - Debian Maintainer - GNU Developer
Personal webpage: http://www.msu.edu/~pfaffben
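The following is an added PHP example, not code from either poster. It shows both fixes Ben describes applied to the loop Mike quoted: the row data is passed to printf()/sprintf() as arguments rather than pasted into the format string (so a "%s" in a title can never be treated as a conversion), and every value is run through PHP's built-in HTML escape, htmlspecialchars(), before it reaches the page. It also carries the manual escape loop over to PHP, with the "&" case corrected to "&amp;" and quotes added so the output is safe inside attribute values too. The sample rows are constructed, and the assumption that the columns are [body, author, title] is inferred from how Mike's loop prints them.

```php
<?php
// Constructed sample rows standing in for mysql_fetch_row() results.
// Column order [body, author, title] is an assumption taken from the
// way the quoted loop prints $myrow[0], $myrow[1] and $myrow[2].
$rows = [
    ['Hello, world', 'alice', 'First post'],
    ['Up 100% <b>today</b>', 'bob & co', 'Title with %s in it'],
];

// The manual escape loop from the reply, in PHP. Handles the three
// characters that matter in element content plus both quote characters,
// so the result can also be dropped into an attribute value.
function escape_html(string $s): string {
    $out = '';
    foreach (str_split($s) as $c) { // byte-wise; multibyte UTF-8 passes through untouched
        switch ($c) {
            case '&': $out .= '&amp;';  break;   // must come out as &amp;, not &nbsp;
            case '<': $out .= '&lt;';   break;
            case '>': $out .= '&gt;';   break;
            case '"': $out .= '&quot;'; break;
            case "'": $out .= '&#039;'; break;
            default:  $out .= $c;
        }
    }
    return $out;
}

// Hardened version of the quoted loop body. The format string is a
// constant; row values are supplied as arguments and escaped, so neither
// "%s" nor "<script>" in the data can change what is emitted.
function render_post(array $row): string {
    return sprintf(
        "<i>%s</i><p>\n%s<br>\n<font size='-1'>Posted by %s</font></p>\n",
        htmlspecialchars($row[2], ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($row[0], ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($row[1], ENT_QUOTES, 'UTF-8')
    );
}

foreach ($rows as $row) {
    // The hand-rolled loop and the built-in agree on these inputs.
    foreach ($row as $field) {
        assert(escape_html($field) === htmlspecialchars($field, ENT_QUOTES, 'UTF-8'));
    }
    echo render_post($row);
}
```

For the second sample row this prints the title as `Title with %s in it` literally and the body as `Up 100% &lt;b&gt;today&lt;/b&gt;`, which the browser displays as text rather than markup. In practice there is no reason to write the loop by hand at all; `echo htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` at every point where database or user data meets HTML is the whole fix. Note also that the `mysql_*` functions used in the quoted code were removed in PHP 7; current code would use mysqli or PDO, but the escaping rule is the same.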