newwebdesigner2 — 2013-04-17T05:22:46-04:00 — #1
I am new to this forum and am going through Kevin Yank's "PHP and MySQL: Novice to Ninja". If there is a forum dedicated to that book, let me know and I will post there. Anyway, on page 182, I came across this code:
<?php htmlout($joke['text']); ?>
<input type="hidden" name="id" value="<?php echo $joke['id']; ?>">
Why did the author use the htmlout() function to print out $joke['text'] but just used echo to print the $joke['id']? What's the difference? If I should post this in a different forum, let me know.
chris_upjohn — 2013-04-17T07:51:58-04:00 — #2
Hi NewWebDesigner2 and welcome to SitePoint,
If you keep reading, from memory he talks about escaping the HTML that may be included in text, which prevents XSS attacks on your site. The ID doesn't need this because it should always be an INT in your MySQL database.
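The difference discussed above, as an added example that is not from the book or from either poster: free text is escaped on output, while the id is checked to be an integer before it is echoed into the attribute. The html() and htmlout() definitions are assumed stand-ins built on PHP's htmlspecialchars(), and the $jokes rows are constructed sample data.

```php
<?php
// Assumed stand-ins for the book's helpers (not copied from the book).
function html(string $text): string
{
    // ENT_QUOTES escapes both ' and ", so the result is also safe
    // inside a quoted HTML attribute value.
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

function htmlout(string $text): void
{
    echo html($text);
}

// Constructed sample rows. The second row simulates an id that did NOT
// come from an INT column (for example, a schema change or another source).
$jokes = [
    ['id' => 7, 'text' => 'Why did the <b>chicken</b> cross? <script>alert(1)</script>'],
    ['id' => '8"><script>alert(2)</script>', 'text' => 'Knock & knock'],
];

foreach ($jokes as $joke) {
    // The "id is always an INT" guarantee lives in the database schema.
    // Re-checking it at output time keeps the template safe on its own.
    $id = filter_var($joke['id'], FILTER_VALIDATE_INT);
    if ($id === false) {
        echo "<!-- skipped row: id is not an integer -->\n";
        continue;
    }

    echo "<form action=\"?deletejoke\" method=\"post\">\n";

    // Free text can contain markup, so it is always escaped on output.
    echo '  <p>';
    htmlout($joke['text']);
    echo "</p>\n";

    // A validated integer contains only digits (and an optional sign),
    // so plain echo cannot break out of the attribute.
    echo '  <input type="hidden" name="id" value="' . $id . "\">\n";
    echo "</form>\n";
}
```

Passing the id through html() instead of validating it would also keep the attribute intact, since ENT_QUOTES escapes the quote characters.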
newwebdesigner2 — 2013-04-17T13:26:39-04:00 — #3