[Phpmyadmin-devel] Re: globals

Michal Čihař michal at cihar.com
Sun Dec 11 09:30:05 CET 2005


On Sat, 10 Dec 2005 20:51:57 +0100
Sebastian Mendel <lists at sebastianmendel.de> wrote:

> Marc Delisle wrote:
> > - sanitize individually what can be echoed (like $message) with 
> > PMA_sanitize(), for XSS protection. Any need to sanitize something else?
> 
> use htmlspecialchars() and PMA_sanitize() only if HTML tags allowed

Yes.

> > - (later) in an effort to clean global space, replace $str by constants
> 
> 0
> 
> I don't know, I have no knowledge about the difference how variables and 
> constants handled by PHP
> 
> I don't think that this gives performance boost, as not like in other 
> languages constants defined first and then replaced in code before 
> compiling!
> 
> I know the disadvantage of a function I suggested, but using a function 
> is much more flexible, e.g. in case of errors or reformatting, more 
> flexible than sprintf()

Function is flexible, however I'm afraid of performance impacts. When
we want to avoid having strings in global namespace, I see only fast
solution with constants.

> it would be possible to load only contextual strings, not with current 
> lang files, but possible later with optionally in db saved strings with 
> context information

What would be reason to store strings in DB?

> and I don't know if it is a good practice to use constants for strings

Why not?

-- 
    Michal Čihař | http://cihar.com
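
The rule agreed in the exchange above (htmlspecialchars() by default, a tag-permitting sanitizer only where HTML tags are allowed), as an added example that is not part of the original message or phpMyAdmin's code. `escape_html()` and `allow_basic_tags()` are hypothetical names; the latter is a stand-in and does not reproduce PMA_sanitize(). Assumes PHP 7 or later.

```php
<?php
// Added example: not phpMyAdmin code. allow_basic_tags() is a hypothetical
// stand-in for a tag-permitting sanitizer; it is not PMA_sanitize().

// Default for any value echoed into HTML: escape everything,
// including both quote styles so the result is safe inside attributes.
function escape_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Only for messages where markup is allowed: escape everything first,
// then restore a fixed allow-list of attribute-free tags. Anything not
// matching the allow-list exactly stays escaped.
function allow_basic_tags(string $value): string
{
    $escaped = escape_html($value);
    // Matches only the escaped forms of <b>, </b>, <i>, </i>, <br>, <br />.
    // A tag carrying attributes (e.g. <b onclick=...>) does not match.
    return preg_replace(
        '#&lt;(/?(?:b|i)|br ?/?)&gt;#i',
        '<$1>',
        $escaped
    );
}

// Constructed sample inputs.
$plain  = 'Table <script>alert(1)</script> dropped';
$markup = 'Query <b onclick="x()">failed</b>: <b>error</b><br />'
        . '<img src=x onerror=y>';

// Plain message: every tag is rendered inert.
echo escape_html($plain), "\n";

// Markup-allowed message: bare <b>, </b> and <br /> survive; the <b> with
// an event handler and the <img> tag remain escaped text.
echo allow_basic_tags($markup), "\n";
```

Escaping first and re-enabling a short allow-list means an unrecognized tag fails closed as literal text.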