As you may already know, there's a common problem with forms, databases and PHP: each of them has its own way of handling quotes. It's not a terrible problem that can't be solved, just something you have to take care of:
- the root of the problem: to insert data in a database, quotes must be escaped: INSERT INTO books (title) VALUES ('John\'s book')
- otherwise we rarely need to escape quotes (no escaping is needed when sending submitted form data in an e-mail, for example)
- PHP has a built-in feature called magic quotes (the magic_quotes_gpc setting in php.ini). In earlier PHP versions it seemed to be a good idea to have all $_GET, $_POST and $_COOKIE data automatically escaped, so it was the factory default - that's why there was no need to use addslashes() before inserting data into a database. This concept has already led to unportable applications.
- Current PHP versions come with magic_quotes_gpc turned off - now you have to decide if you'd like to take care of the quotes.
Clonefish was built to provide a transparent form handling method (so you can even migrate your current code to clonefish, no matter if your magic_quotes_gpc is on or off). That's why you can control whether you're passing or want to receive escaped or unescaped data:
- $cf->addElements( $config, $_POST, get_magic_quotes_gpc() )
- $cf->getElementValues( get_magic_quotes_gpc() )
- $cf->getValue( 'elementname', get_magic_quotes_gpc() )
- $element->getValue( get_magic_quotes_gpc() )
- $element->setValue( 'value', get_magic_quotes_gpc() )
If you'd like to keep your application portable and you're handling $_GET/$_POST/$_COOKIE data, the best practice is to use get_magic_quotes_gpc() as the second parameter. This way clonefish does the very same as PHP would: it returns escaped values depending on the second parameter of the methods. Most of the time you'll know what you have and what you'll need: feel free to use the parameters as they fit your needs. For a detailed description, see the reference for the methods!
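The portability problem described above can be shown without clonefish. The following is an added example, not clonefish code: it normalises a submitted value to what the user typed regardless of magic_quotes_gpc, then stores it with a bound parameter, so no manual quote escaping is involved. The helper names raw_input(), magic_quotes_on() and save_title() are hypothetical, and an in-memory SQLite database through PDO is assumed.

```php
<?php
// Added example (not clonefish code). raw_input(), magic_quotes_on() and
// save_title() are hypothetical names; the books table follows the INSERT
// statement quoted in the list above.

// Return the value as the user typed it. $escaped says whether the incoming
// data already had slashes added (what get_magic_quotes_gpc() reports).
function raw_input($value, $escaped)
{
    if (is_array($value)) {
        $out = array();
        foreach ($value as $key => $item) {
            $out[$key] = raw_input($item, $escaped);
        }
        return $out;
    }
    return $escaped ? stripslashes($value) : $value;
}

// get_magic_quotes_gpc() no longer exists in PHP 8, so guard the call.
function magic_quotes_on()
{
    return function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
}

// A bound parameter travels separately from the SQL text, so the title is
// stored exactly as given and its quote cannot end the string literal.
function save_title(PDO $db, $title)
{
    $stmt = $db->prepare('INSERT INTO books (title) VALUES (:title)');
    $stmt->execute(array(':title' => $title));
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE books (title TEXT)');

// Constructed sample input: the same submission as it arrives with
// magic_quotes_gpc off (raw) and on (slashes already added).
save_title($db, raw_input("John's book", false));
save_title($db, raw_input("John\\'s book", true));

// Real request data, with a constructed fallback for command-line runs.
$posted = isset($_POST['title']) ? $_POST['title'] : "John's book";
save_title($db, raw_input($posted, magic_quotes_on()));

foreach ($db->query('SELECT title FROM books') as $row) {
    echo $row['title'], "\n";
}
```

All three rows hold the same title, which is the property a portable application needs: the stored value does not depend on the php.ini setting.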
