Extracting Data from a Database



I have had a couple problems, and most have been solved. But just for information, I am making a Pastie script, with thats completely customizable. While developing through this (and getting kinda far) I am having a few questions…

My original idea was to MD5 a random string of text create it for the paste document. (This was easy to create, but doesnt look really good), so now I had the idea, create them in numerical order based on the last one made. While I posted this (and I am still a little fuzzy on this whole idea) is to store all the pastes in a database, with all the information and use a column called “id” to numerically create the Pastes in order to help organize the pastes, and I also want to be able to edit them at any time without struggling to find the document in a mess of random PHP documents.

So my first question here, is does anybody have ideas how I could make it extract the data from the database (everytime) the paste is looked at, so the data can be editted (if inappropiate or something) or any other reason. Can I get some help here?

Problem 2 is, while making it so people can paste things freely, how do I make it so tags cannot disrupt the page, so that if someone were to make a paste like this:

<title>Just a test</title>
<p>This is just a test!</p>

How do I make it so the paste would actually show up like that so that there would be no risk of XSS or anything as well as they can post code snippets to friends or whatever so I dont have to make it so it strips_tags(); ?

Thanks so much for your time, and thanks if you can help. :slight_smile:



To start at the end:
2). You could make use of HTML entities. These render as certain characters but they don’t evaluate as those characters. This works outside a textarea for sure. inside… I’m not entirely sure.

$paste_stuff = $_POST[‘paste’];
$search = array( ‘<’, ‘>’ );
$replace = array( ‘<’, ‘>’ );
$paste_stuff = str_replace( $search, $replace, $paste_stuff );

1). I’m not completely clear on what you try to do with the pastes. You want to store them in a database and call them back later? I don’t know what the MD5 string is for or what you’re trying to do with the ID.
The rest of the problem seems to be a regular fetch on a database. I’d use the ID for that.
To make the data editable, show it in a textarea in a form and process the data when the viewer hits submit.
Database interactions with PHP are well enough documentend. ( I’m lazy enough to point you to the documentation for that ) :wink:

I hope this answers your question. I hope I didn’t misunderstand you.