I have kind of a lazy form that has two textboxes. When I click a button I basically concatenate the two textboxes with a delimiter. Is there like a special delimiter that cannot actually be typed in an html textbox, even if the &#xxx; syntax is used?
A:
No, if you want to disallow characters you'll have to add some sort of javascript to prevent them being entered. Or just remove them from each field before joining.
bemace
2010-10-24 03:26:10
A:
Why concatenate? How about using JSON?
A simple and safe concatenation format would be
<length of the first string> <space> <first string> <second string>
For example
'abcd' + 'foo' => '4 abcdfoo'
Thilo
2010-10-24 03:26:45
Natural extension to an arbitrary number of strings: `4 abcd 3 foo 3 bar`. But I'd still go with JSON if I had to string-encode complex data (if you can call an array complex).
Thilo
2010-10-24 03:30:57
This is more or less what I want. I have to look into JSON now. Thanks.
Shawn
2010-10-24 03:52:17
A:
Anything can be typed into a textfield, which is why it is so important to sanitize all user input.
greg
2010-10-24 03:28:41