
Rob Allen, Nick Lo, and Steven Brown

"Zend Framework in Action"

Please post comments or corrections to the Author Online forum at
http://www.manning-sandbox.com/forum.jspa?forumID=329
are directly accessible. Also, helper functions are provided by the view to make writing view templates easier.
A typical view script might look like:

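<h1>Glossary</h1>
<?php if($this->glossary) :?>
<dl>
<?php foreach ($this->glossary as $item) : ?>
<dt><?php echo $this->escape($item['term']);?></dt>
<dd><?php echo $this->escape($item['description']);?></dd>
<?php endforeach; ?>
</dl>
<?php endif; ?>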

As you can see, this is a PHP script with an HTML bias, as the PHP commands are always contained
within their own tags. Also, we have used the alternate convention for control loops so that we
don't have braces within separate PHP tags, as matching braces can be quite tricky when using lots of separate
PHP tags.
Note that we do not trust the glossary data that has been assigned to the script. It could have come from
anywhere! In the code accompanying this book, the data is created using an array, but it could equally have
come from the users of a website. As we do not want any cross-site scripting security vulnerabilities in our
website, we use the helper function escape() to ensure the term and description do not have any embedded
HTML.
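
The effect of escape() on untrusted glossary data, as an added example that is not from the book. MiniView is a hypothetical stand-in for the view object so the script runs without Zend Framework, its escape() is assumed to wrap htmlspecialchars(), and the glossary entries are constructed.

```php
<?php
// Added example, not from the book. MiniView is a hypothetical stand-in for
// the view object so this runs without Zend Framework installed.
class MiniView
{
    private $vars = array();

    public function __set($name, $value) { $this->vars[$name] = $value; }
    public function __get($name) { return isset($this->vars[$name]) ? $this->vars[$name] : null; }

    // Assumption: escaping wraps htmlspecialchars(). ENT_QUOTES also encodes
    // single quotes, so values stay inert inside quoted attributes too.
    public function escape($value)
    {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    }

    // Run the template with $this bound to the view and capture its output.
    public function render(Closure $template)
    {
        ob_start();
        $template->call($this);
        return ob_get_clean();
    }
}

// Same shape as the glossary view script, written as a closure (PHP 7+).
$template = function () { ?>
<dl>
<?php foreach ($this->glossary as $item) : ?>
<dt><?php echo $this->escape($item['term']); ?></dt>
<dd><?php echo $this->escape($item['description']); ?></dd>
<?php endforeach; ?>
</dl>
<?php };

$view = new MiniView();
// Constructed data: the second entry simulates text submitted by a user.
$view->glossary = array(
    array('term' => 'MVC', 'description' => 'Model-View-Controller'),
    array('term' => '<script>alert(1)</script>', 'description' => 'a "quoted" <b>tag</b> & more'),
);
$html = $view->render($template);
echo $html;
if (strpos($html, '<script>') !== false) {
    throw new RuntimeException('unescaped markup reached the output');
}
```

The second entry is rendered as visible text made of character entities, so the browser displays the markup instead of interpreting it.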

