Hi
I have FCK successfully running, happy with it, it's great.
Although I am curious about special characters.
For other non-FCK-edited data I have, I use php's mysql_real_escape_string function on data I insert into my database. Then I use php's htmlspecialentities function to convert special characters back to a form which is useable in the browser. This seems to be a recommended overall procedure on php forums, especially for security reasons.
With FCK, I don't see either of these functions being used. In the public final HTML page, I had to actually disable htmlspecialentities on the incoming FCK data, otherwise my html tags would be displayed in the browser.
From a security perspective with regards to special characters, how is FCK? Is it taken care of and I just not think about it?
I have FCK successfully running, happy with it, it's great.
Although I am curious about special characters.
For other non-FCK-edited data I have, I use php's mysql_real_escape_string function on data I insert into my database. Then I use php's htmlspecialentities function to convert special characters back to a form which is useable in the browser. This seems to be a recommended overall procedure on php forums, especially for security reasons.
With FCK, I don't see either of these functions being used. In the public final HTML page, I had to actually disable htmlspecialentities on the incoming FCK data, otherwise my html tags would be displayed in the browser.
From a security perspective with regards to special characters, how is FCK? Is it taken care of and I just not think about it?