Topic: Anyone here Use the PEAR Library?

I just wanted to know if anyone has ever used, or uses the PEAR library.  Looking for some pros and cons, etc. I am experimenting with HTML_Quickform and I am looking for someone who has had any prior experiences with this and any other PEAR packages. I have noticed that Quickform objects output using HTML tables to generate a given form.  It states at the PEAR website that Quickform is XHTML compliant, but I am trying to not use tables in my design, except where tabular data needs to be displayed.  Does anyone know if there is a way around this?  I read something about some functions within the QuickForm class that allow you to create your own templates for output, but I am not sure how it all works.  And BTW, I did RTFM ;).  The manual is so tech oriented that my head spins.  I am just an average joe trying to learn more.

thanks!

Re: Anyone here Use the PEAR Library?

I downloaded it, looked at it briefly, and figured out that I'd rather write my own functions, that I know what they do.
(and considering how bugs have been used in several attacks lately (AWStats etc.), I'd rather use my own functions than well spread things...)

Re: Anyone here Use the PEAR Library?

Thanks frank.

That's the general consensus from other developers that I know.  Would you by any chance know of a good resource that explains tried and true methods of posting form data securely?

TIA.

Re: Anyone here Use the PEAR Library?

well, not really, I usually try to limit the input as much as possible, if I'm taking in an integer value, I use the intval() function to make sure it won't be a string or something, and also, on strings where I know I won't use certain letters, I make sure to remove them, and sometimes refuse to accept the variables if some 'illegal' characters are found, all depends on how safe I want to try to make it ;) ... and then there's the escape function as well, that will escape out chars that can break queries ...

you should try to avoid taking things from a form and putting them directly into a query, and you shouldn't use register globals on either (PHP recommends it to be off), much much better to know where the variables come from (there are examples where ppl have made cookies that enter malicious data, instead of actual form field) ... so $_POST['variablename'] is a good way to limit input as well ...

but, the most important thing is to try to limit what's taken into the script (but sometimes it's hard to do safe functions ...)... and replace stuff that's not to be there, and escape text (and putting them to htmlentities might work as well, depending on what's done)

But, do note, that I'm no security guru... there's probably others here that have more knowledge on what is insecure and whatnot ... Above is more or less only how I try to keep my code as safe as possible :)
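
The steps in the reply above (read from a named source, restrict integers, allow-list string characters, keep data out of the query text, encode on output), as an added example that is not part of the thread or any poster's code. The field names `age` and `username`, the `users` table and the in-memory SQLite database are assumptions; `filter_var()` stands in for `intval()` and a PDO prepared statement for the manual escape function.

```php
<?php
/** Validate one submitted form; returns [cleanValues, errors]. */
function validate_signup(array $post): array
{
    $clean = [];
    $errors = [];

    // Integer field: reject anything that is not a whole number in range.
    // intval() would coerce "12abc" to 12 instead of refusing it.
    $age = filter_var($post['age'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 150]]);
    if ($age === false) {
        $errors[] = 'age must be a whole number between 0 and 150';
    } else {
        $clean['age'] = $age;
    }

    // String field: allow-list of characters; refuse, do not repair.
    $user = $post['username'] ?? '';
    if (!is_string($user) || !preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $user)) {
        $errors[] = 'username must be 3-20 letters, digits or underscores';
    } else {
        $clean['username'] = $user;
    }
    return [$clean, $errors];
}

// Constructed sample submissions standing in for $_POST, which the real
// script would read explicitly (register_globals off).
$samples = [
    ['age' => '34', 'username' => 'average_joe'],
    ['age' => '12abc', 'username' => "o'brien<b>"],
];

$pdo = new PDO('sqlite::memory:'); // hypothetical database for the demo
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT, age INTEGER)');
// Placeholders send the values separately from the SQL text.
$insert = $pdo->prepare('INSERT INTO users (username, age) VALUES (:u, :a)');

foreach ($samples as $post) {
    [$clean, $errors] = validate_signup($post);
    if ($errors) {
        echo 'rejected: ' . htmlspecialchars(implode('; ', $errors), ENT_QUOTES, 'UTF-8') . "\n";
        continue;
    }
    $insert->execute([':u' => $clean['username'], ':a' => $clean['age']]);
    // Encode at output time so a stored value cannot become markup.
    echo 'stored: ' . htmlspecialchars($clean['username'], ENT_QUOTES, 'UTF-8') . "\n";
}
```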

Re: Anyone here Use the PEAR Library?

Frank, I really do appreciate your feedback.  There is so much to consider. I often don't know where to start first.

Thanks again