Search the Community
Showing results for tags 'decoding'.
Found 1 result
This is another strategy question. Multiple answers are welcome. What is written in present tense should be thought of as future, not yet realized activity. BACKGROUND: I have constructed a form whose intended purpose is to create chunks of data including text, links, and images that can be entered into a MySQL database for both immediate and future use. For the moment, I am only concerned about their immediate use. From the database these same chunks of data are retrieved and entered into an HTML template that serves as the backbone for an email insert that is, in fact, a weekly newsletter that can be viewed directly in one's mailbox or viewed on line should the insert fail. The mail insert is then distributed using PHPMailer that takes advantage of an assembled list of subscribers stored in the same database. Based on previous experience I believe that I am well able to handle this routine except for one hitch -- the treatment of the HTML data. MY DILEMMA: In the form are <textarea> elements that I intend to fill with a combination of plain text, HTML, and CSS styling attributes. That the HTML does not render as anything but the code itself is not a cause for concern on my part. Rather, I am bothered about how to send this data to the remote server. Now, I have been taught to filter and sanitize $_POST variable data as it is received and before processing. This time, however, I am sending the data to myself, and what will be generated and sent to my subscribers will also be generated by me. Do I even need to worry how about filtration and sanitation when I am both the source and the receiver of the data? Further, it is my understanding that MySQL is indifferent how the data is received, and that it will automatically return data in the same format that it is received. Am I making a big ado about nothing? By the way, it is not just a matter of filtration and sanitization. Take, for example, the following script used to process form data on the same page that it is entered. <form id="sevengates" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>">