I'm still new to String Processing in PHP. Below is a diagram of what I am currently doing. Ultimately, I would like to get a generic methodology for handling strings in the below scenarios. Note that the text tends to be a lot of math symbols and code syntax in this scenario.
The strings and integer are input via a standard HTML-based form (I forgot to mention that in the diagram).
Step A currently uses: mysql_real_escape_string(input);
Step B currently uses:
htmlentities($string2)
- nothing for
$string1
- nothing for the integer
Questions:
- Regarding MySQL injection, is mysql_real_escape_string sufficient to guard against this?
- I still need to finish processing the output for String1. Note how the text is actually used in two different places: HTML and Canvas. htmlentities at step B would make code syntax appear properly on the HTML5 Canvas but not in the HTML. Vice-versa for leaving it out (HTML syntax breaks the Page). Is there a JavaScript function that is identical to PHP's htmlentities?
- int form should be validated to make sure it is an int.
- String2 ouputs "null" to the HTML when I use this character ('–') which is not the standard minus-sign character ('-').
- Magic Quotes is turned off. However, if I run the script on a server with it enabled, I need a short script that goes: IF(magic quotes is enabled){turn off magic quotes}.
- What did I forget in regard to form validation?
If my approach is totally wrong, set me straight and help me get this straightened out once and for all. You can describe your solution in terms of A, B, C, D and E if you think that is helpful. Thanks in advance.