quote's...---> ' <--- that one in particular - Page 2

H · November 29th, 2005, 11:11 PM

David, you realize that using single quotes around an attribute value is invalid?

**David** · November 29th, 2005, 11:30 PM

I do now lol

but invalid what?

H · November 29th, 2005, 11:35 PM

Invalid XHTML... likely invalid HTML as well (I don't care for ordinary HTML these days).

**David** · November 29th, 2005, 11:36 PM

Ah. Well, since only I see it I didn't care to check anything against it, so I didn't notice. Thanks for pointing that out though.

**mr_fern** · December 1st, 2005, 10:53 AM

HTML's much less strict than XHTML. It doesn't care whether there's no quotes (single values with no spaces), single quotes, or double quotes.

H · December 1st, 2005, 11:40 AM

That's a rather interesting way of describing it... I'd say it's not as structured, formal or standardized. Either way, for coding purposes, I would always use double quotes in the event I had to upgrade to XHTML.

Majd-GFX · December 2nd, 2005, 6:03 PM

there is practically no difference between HTML and XHTML. XHTML is just HTML compiled using XML.

Either way, i'm surprised no one brought this up, but you might want to google in "sql injection"

when you'r adding the info to the database, add this line before the query:

addslashes($foobar);

then before you echo it out (in the edit), add this line:

stripslashes($foobar);

Resources:
http://us3.php.net/addslashes
http://us3.php.net/stripslashes

H · December 2nd, 2005, 6:06 PM

Heh, addslashes and stripslashes, that's awesome.

PHP Code:


			
<?php

if (get_magic_quotes_gpc()) {

    $_POST = array_map('stripslashes',$_POST);

}

$_POST = array_map('mysql_real_escape_string',$_POST);

?>

This method is much better as you only have to deal with content as it's going in to the database. Plus it checks to see whether magic_quotes (which won't exist in PHP6) is on or not.

Edit: Also, XHTML is not compiled. It's a mark-up language that follows the structure of XML. Every tag has to be closed and has to follow structure. It's also meant to improve accessibility and begin the transition for seperating content structure from style (eg: CSS/XHTML used together).

December 1st, 2005, 10:53 AM	#14 (permalink)
mr_fern All Ur Base R Belong 2 Us Excelling Contributor Joined in Feb 2005 Lives in Vegas & New York 824 posts Gave thanks: 2 Thanked 6 times	HTML's much less strict than XHTML. It doesn't care whether there's no quotes (single values with no spaces), single quotes, or double quotes. __________________ Nobody doing nothing

December 2nd, 2005, 6:03 PM	#16 (permalink)
Majd-GFX Registered User Seasoned Poster Joined in Sep 2004 58 posts Gave thanks: 0 Thanked 0 times	there is practically no difference between HTML and XHTML. XHTML is just HTML compiled using XML. Either way, i'm surprised no one brought this up, but you might want to google in "sql injection" when you'r adding the info to the database, add this line before the query: addslashes($foobar); then before you echo it out (in the edit), add this line: stripslashes($foobar); Resources: http://us3.php.net/addslashes http://us3.php.net/stripslashes __________________

December 2nd, 2005, 6:06 PM	#17 (permalink)
H after g, before i Resident. Joined in Jul 2004 Lives in N,BC,CA 8,086 posts Gave thanks: 48 Thanked 131 times	Heh, addslashes and stripslashes, that's awesome. PHP Code: `<?php if (get_magic_quotes_gpc()) { $_POST = array_map('stripslashes',$_POST); } $_POST = array_map('mysql_real_escape_string',$_POST); ?>` This method is much better as you only have to deal with content as it's going in to the database. Plus it checks to see whether magic_quotes (which won't exist in PHP6) is on or not. Edit: Also, XHTML is not compiled. It's a mark-up language that follows the structure of XML. Every tag has to be closed and has to follow structure. It's also meant to improve accessibility and begin the transition for seperating content structure from style (eg: CSS/XHTML used together). Last edited by H; December 2nd, 2005 at 6:08 PM..

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Rate This Thread
Rate This Thread:

November 29th, 2005, 11:11 PM	#10 (permalink)
H after g, before i Resident. Joined in Jul 2004 Lives in N,BC,CA 8,086 posts Gave thanks: 48 Thanked 131 times	David, you realize that using single quotes around an attribute value is invalid?

November 29th, 2005, 11:35 PM	#12 (permalink)
H after g, before i Resident. Joined in Jul 2004 Lives in N,BC,CA 8,086 posts Gave thanks: 48 Thanked 131 times	Invalid XHTML... likely invalid HTML as well (I don't care for ordinary HTML these days).

December 1st, 2005, 11:40 AM	#15 (permalink)
H after g, before i Resident. Joined in Jul 2004 Lives in N,BC,CA 8,086 posts Gave thanks: 48 Thanked 131 times	That's a rather interesting way of describing it... I'd say it's not as structured, formal or standardized. Either way, for coding purposes, I would always use double quotes in the event I had to upgrade to XHTML.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)