Question regarding coding practice in "PHP: Novice to Ninja" by Kevin Yank

NewWebDesigner2 · April 17, 2013, 9:22am

Hello,

I am new to this forum and am going through Kevin Yank’s “PHP and MySQL: Novice to Ninja”. If there is a forum dedicated to that book, let me know and I will post there. Anyway, on page 182, I came across this code:


...
<?php htmlout($joke['text']); ?>
<input type="hidden" name="id" value="<?php echo $joke['id]; ?>">
...

Why did the author use the htmlout() function to print out $joke[‘text’] but just used echo to print the $joke[‘id’]? whats the difference? If I should post this in a different forum, let me know.

chris_upjohn · April 17, 2013, 11:51am

Hi NewWebDesigner2 and welcome to SitePoint,

If you keep reading from memory he talks about escaping the HTML that may be included in text which prevents XSS attacks on your site, the ID doesn’t need this because it should always be an INT in your MySQL database.

NewWebDesigner2 · April 17, 2013, 5:26pm

I see, thank you.