On Sat, 10 Dec 2005 20:51:57 +0100
Sebastian Mendel <lists(a)sebastianmendel.de> wrote:
Marc Delisle wrote:
- sanitize individually what can be echoed (like $message) with
PMA_sanitize(), for XSS protection. Any need to sanitize something else?
use htmlspecialchars() and PMA_sanitize() only if html tags allowed
Yes.
- (later) in an effort to clean global space, replace $str by constants
0
I don't know, I have no knowledge about the difference how variables and
constants handled by PHP
I don't think that this gives performance boost, as not like in other
languages constants defined first and then replaced in code before
compiling!
I know the disadvantage of a function I suggested, but using a function
is much more flexible, f.e. in case of errors or reformatting, more
flexible than sprintf()
Function is flexible, however I'm afraid of performance impacts. When
we want to avoid having strings in global namespace, I see only fast
solution with constants.
it would be possible to load only contextual strings, not with current
lang files, but possible later with optionally in db saved strings with
context information
What would be the reason to store strings in DB?
and I don't know if it is a good practice to use constants for strings
Why not?
--
Michal Čihař | http://cihar.com
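
The rule from the quoted exchange above (htmlspecialchars() for plain output, a tag-allowing sanitizer only where HTML is permitted), as an added example that is not part of the original message and not phpMyAdmin's PMA_sanitize(). The function names, the tag allowlist and the sample message are assumptions made for illustration.

```php
<?php
// Added illustration; escape_text() and sanitize_allowing_tags() are
// hypothetical helpers, not phpMyAdmin code.

/** Plain text destined for HTML output: escape everything. */
function escape_text(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Message that may carry a small set of formatting tags.
 * Everything is escaped first; only attribute-free tags from the
 * allowlist are turned back into markup afterwards.
 */
function sanitize_allowing_tags(
    string $s,
    array $allowed = ['b', 'i', 'em', 'strong', 'br']
): string {
    $escaped = escape_text($s);
    $names = implode('|', array_map(fn($t) => preg_quote($t, '~'), $allowed));
    // Matches escaped forms such as &lt;b&gt;, &lt;/b&gt; and &lt;br /&gt;.
    // A tag with any attribute does not match and stays escaped.
    $pattern = '~&lt;(/?)(' . $names . ')(\s*/)?&gt;~i';
    return preg_replace($pattern, '<$1$2$3>', $escaped);
}

// Constructed sample input: one harmless tag, one injected element,
// and one allowlisted tag carrying an event-handler attribute.
$message = '<b>Saved</b> <img src=x onerror=alert(1)> <b onclick="x()">row</b>';

// Output where no HTML is expected: every tag is neutralised.
echo escape_text($message), "\n";

// Output where limited HTML is allowed: only the bare <b>...</b> pairs survive.
echo sanitize_allowing_tags($message), "\n";
```

Escaping first and re-enabling an allowlist afterwards means anything the pattern does not recognise stays inert text, which is the safer failure direction compared with stripping known-bad tags from raw input.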