[eluser]seba22[/eluser]
Hello,
I have 2 question about populating form using form validation and database.
So i have same form, what i use for editing / saving value to database.
When it's not submitted, it's loading value form database.
When user save form, its run validation and populate values when submitted.
1) Is
Code:
<input type="text" name="admin_title" value="<?php echo set_value('admin_title','abc'); ?>" >
Is this code is safe for evil user input ?
php, xss, " ' - etc tags - code ?
If no, what should i do, where i should put that htmlspecialchars() ?
2)
Can i use set_value('admin_title',$something);
$something for populate value from database ?
Is this right way ?
Regards