Saving CSS

[adam84]

Howdy,

 

I want to allow my registered users to create their own css for their page. My question is how would i go about saving this information. I have a few ideas.

 

1. Say I have five different css styles I am allowing them to edit. Would I create a table with five different columns and I save each css style in its appropriate column.

 

2. Save the entire user created css file into the database.

 

Any other ideas??

[DavidAM]

Never create a row with an arbitrary number of columns.  So you create a row with five fields for CSS, then you decide to allow a sixth, how much code do you have to change?  And are you shure you got them all?

 

I would make each CSS a separate row in the db, tied to the user.

 

One Thing -- you have to be VERY careful, or have VERY trustworthy users.  You are giving them an excellent opportunity to inject HTML and possibly PHP commands into your page.

[adam84]

there any good functions or methods to use that would prevent such a problem from occuring. The only real function I use is add/strip slashes.

[DavidAM]

Well, once you are inside a style sheet, there should not be any HTML tags.  I think the strip_tags function might be useful. 

 

<STYLE>
<?php echo string_tags($style); ?>
</STYLE>

 

That's where I would start. 

 

Hopefully, If someone else has a better/different idea they will chime in.