[Phpmyadmin-devel] Re: globals
Michal Čihař
michal at cihar.com
Sun Dec 11 09:30:05 CET 2005
On Sat, 10 Dec 2005 20:51:57 +0100
Sebastian Mendel <lists at sebastianmendel.de> wrote:
> Marc Delisle schrieb:
> > - sanitize individually what can be echoed (like $message) with
> > PMA_sanitize(), for XSS protection. Any need to sanitize something else?
>
> use htmlspecialchars() and PMA_sanititze() only if html tags allowed
Yes.
> > - (later) in an effort to clean global space, replace $str by constants
>
> 0
>
> i dont know, i have no knowledge about the difference how variables and
> constants handled by PHP
>
> i dont think that this gives performance boost, as not like in other
> languages constants defined first and than replaced in code before
> compiling!
>
> i know the disadvantage of a function i suggested, but using a function
> is much more flexible, f.e. in case of errors or reformating, more
> felxible than sprintf()
Function is flexible, however I'm afraid of performance impacts. When
we want to avoid having strings in global namespace, I see only fast
solution with constants.
> it would be possible to load only contextual strings, not with current
> lang files, but possible later with optionally in db saved strings with
> context information
What would be reason to store strings in DB?
> and i dont know if it is a good practice to use constants for strings
Why not?
--
Michal Čihař | http://cihar.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.phpmyadmin.net/pipermail/developers/attachments/20051211/d3aad8c4/attachment.sig>
More information about the Developers
mailing list