Ben Edwards wrote:
> On Tue, 25 Jan 2005 17:02:21 -0800, Chris <listschris@xxxxxxxxxxxxxxx>
> wrote:
>> You should probably use get_magic_quotes_runtime(), as _gpc only
>> applies to GET/POST/COOKIE,
>>
>> htmlspecialchars is needed so the HTML can be parsed properly:
>
> So is this only done to stuff that is to be displayed on a web
> page? What happens if it is done to stuff that is (possibly) also
> passed through addslashes and written to the database.

Don't do it.

What if tomorrow you decide you need to output a PDF as well as your
HTML from that same data -- You've got all those funky
htmlspecialchars() in your database that have NOTHING to do with your
data. They are only needed for the HTML presentation of your data.

For example, I have a web-site where we have had an on-line calendar
for ages.

A few years ago, I found out the client was re-typing all his calendar
items (a hundred a month) into three different software packages, just
so he could get a print-out for flyers/handouts of his calendar of
events.

Silly client.

Now his web-site provides him with a PDF of his calendar with a single
click, instead of 4 hours of drudge-work every month copying data from
A to B by hand.

There ain't no htmlspecialchars() in the database, thank [deity], or
I'd have to un-do that just to make the PDF. Ugh!

--
Like Music?
http://l-i-e.com/artists.htm

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
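
The separation described in the message above, as an added example that is not part of the original post or thread: the value is stored raw through a bound parameter, and htmlspecialchars() is applied only when HTML is produced. The table, column names and sample event are constructed, the plain-text renderer stands in for a PDF generator, and the pdo_sqlite extension is assumed.

```php
<?php
// Added example: store raw data, escape only for the output format.
// Table name, column names and the sample event are constructed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE events (id INTEGER PRIMARY KEY, title TEXT, day TEXT)');

// Constructed input containing characters that matter to both SQL and HTML.
$title = 'Tom & Jerry\'s <Live> "Jam" Night';

// Storage: a bound parameter carries the raw value. No addslashes(),
// no htmlspecialchars(), so the database holds the data itself.
$ins = $db->prepare('INSERT INTO events (title, day) VALUES (:title, :day)');
$ins->execute([':title' => $title, ':day' => '2005-02-14']);

function fetchEvents(PDO $db): array
{
    return $db->query('SELECT title, day FROM events ORDER BY day')
              ->fetchAll(PDO::FETCH_ASSOC);
}

// HTML presentation: escape at the moment of output.
function renderHtml(array $events): string
{
    $out = "<ul>\n";
    foreach ($events as $e) {
        $out .= '  <li>' . htmlspecialchars($e['day'], ENT_QUOTES, 'UTF-8')
              . ': ' . htmlspecialchars($e['title'], ENT_QUOTES, 'UTF-8')
              . "</li>\n";
    }
    return $out . "</ul>\n";
}

// Plain-text presentation (stand-in for a PDF or flyer generator):
// the same rows, used as stored, with no HTML entities to undo.
function renderText(array $events): string
{
    $out = '';
    foreach ($events as $e) {
        $out .= $e['day'] . '  ' . $e['title'] . "\n";
    }
    return $out;
}

$events = fetchEvents($db);
echo renderHtml($events);
echo renderText($events);
```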