You should probably use get_magic_quotes_runtime(), as _gpc only
applies to GET/POST/COOKIE.
htmlspecialchars is needed so the HTML can be parsed properly:
if the value in the text box was something like:
"> Hello World!
when you go to put in the value attribute it would end up:
<input type="text" value=""> Hello World!" />
That would not parse correctly.
But if you escaped it with htmlspecialchars or htmlentities you'd get:
<input type="text" value="&quot;&gt; Hello World!" />
And the box would contain the proper data.
Ben Edwards wrote:
PS. How does htmlspecialchars fit into this? The unprep function is
to prepare data coming from the database to be used in <input
type=text; does the below function make sense?
Ben
function unprep( $text ) {
    // Take data coming from the database and get it ready to be presented
    // to the user.
    if (get_magic_quotes_gpc()) {
        $result = stripslashes($text);
    }
    else {
        $result = $text;
    }
    return htmlspecialchars( $result );
}
--
Ben Edwards - Poole, UK, England
WARNING: This email contained partisan views - don't ever accuse me of
using the veneer of objectivity
If you have a problem emailing me use
http://www.gurtlush.org.uk/profiles.php?uid=4
(email address this email is sent from may be defunct)
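The attribute case discussed in the reply above, as an added example that is not part of the original thread: it renders the same stored value with and without escaping and checks that the escaped form decodes back to the stored string. The helper names attr_escape() and render_text_input(), the field name "title" and the sample values are assumptions made for illustration.

```php
<?php
// Added example; the helper names and sample values are hypothetical.

// Escape a value for use inside a quoted HTML attribute.
// ENT_QUOTES encodes both " and ', so the result is safe whichever quote
// character delimits the attribute. ENT_SUBSTITUTE replaces invalid byte
// sequences instead of making the whole result an empty string.
function attr_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build a text input whose value attribute carries $value verbatim
// as far as the browser's parsed DOM is concerned.
function render_text_input(string $name, string $value): string
{
    return sprintf(
        '<input type="text" name="%s" value="%s" />',
        attr_escape($name),
        attr_escape($value)
    );
}

// Constructed sample values standing in for rows read from the database.
$samples = [
    '"> Hello World!',      // the value used in the reply above
    "O'Reilly & Sons",      // single quote and ampersand
    'plain text',           // nothing to escape
];

foreach ($samples as $stored) {
    // Naive concatenation: the stored quote ends the attribute early.
    $unescaped = '<input type="text" name="title" value="' . $stored . '" />';
    $escaped   = render_text_input('title', $stored);

    // What the browser shows in the box is the decoded attribute value;
    // it must equal the stored string exactly.
    $shown = htmlspecialchars_decode(attr_escape($stored), ENT_QUOTES);

    echo "stored:     {$stored}\n";
    echo "unescaped:  {$unescaped}\n";
    echo "escaped:    {$escaped}\n";
    echo "round trip: " . ($shown === $stored ? 'ok' : 'MISMATCH') . "\n\n";
}
```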