ODBiC Discussion Board

RE: Only by saving the string to a file, Roger Harris, 05-02-2009

by Louis, May 2, 2009 03:30

Hi Roger,

A few days ago I've implemented a WYSIWYG html editor. It is just for editing descriptions of products in our catalog.

If I could use commands, I could add some functions to show the rights pictures. Instead if embedding them into the html code, I could add a self-written function to get the right picture of a product.

Something like

"In the following picture... <% $getImage($productnumb$,2) %>

Writing to a file and including is an option too. But I think it will be slower. And the file should be deleted also.

But I understand the security risk. It's something like the SQL Injection, which I read about for the first time on this forum.




Post Your Reply:

E-mail  optional

HTTP Link: 
Link text: 


Copyright ©1997-2003, Roger Harris. All rights reserved.