Changes between Version 8 and Version 9 of CodingStyle
- Timestamp: Aug 14, 2008, 2:22:39 PM (16 years ago)
CodingStyle
v8 v9 131 131 == PHP specific == 132 132 133 === HTML === 134 135 It's OK to output HTML rather than XHTML. 136 I have yet to hear a convincing reason for the latter, 137 and it's more characters. 138 133 139 === Getting POST and GET data === 134 Remember that hackers can pass arbitrary values in POST and GET, and they can use this to do SQL injections and other exploits. 135 * Do not access `$_POST` or `$_GET` directly. 136 * Use `get_int()`, `get_str()`, `post_int()` and `post_str()` (from `util.inc`) to get POST and GET data. 140 141 Do not access `$_POST` or `$_GET` directly. 142 Use `get_int()`, `get_str()`, `post_int()` and `post_str()` (from `util.inc`) to get POST and GET data. 143 These undo the effects of PHP magic quotes. 137 144 138 145 === Database access ===
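Review bot: In the "Getting POST and GET data" section, v9 removes the sentence explaining that POST and GET values can be arbitrary and can be used for SQL injection, so the rule "Do not access `$_POST` or `$_GET` directly" is left without its reason; I would keep a one-sentence rationale. The added line "These undo the effects of PHP magic quotes" also means the helpers hand back strings with the magic-quotes escaping stripped, so the section should say that values from `get_str()` and `post_str()` still need escaping before they go into a query, or point to the "Database access" section that follows. Minor style point: the new HTML section is written in the first person ("I have yet to hear a convincing reason"), which reads oddly in a shared style guide.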