Eric, It sounds like you just need to do some reading on "best practices" of security when writing php code. It's pretty vast what one can do when trying to hack a php application and depending on what php server settings are set, you may need to do certain things. I'd suggesting reading / google php security and viewing pages like the following to answer your question. It may only answer your question in the long run, but there are many more things to know about besides htmlentities to make sure your application is secure. I actually need to do some reading about them. Once in a while http://www.devshed.com/c/a/PHP/PHP-Security-Mistakes/ Also events like the following are good to go to expecially if you can get your company to pay for them. http://www.osevents.com/page5.html? Eric Gorr wrote: > Chris W. Parker wrote: >> Or in a less extreme case, your > >> computer get hijacked and used to send spam because you used >> htmlentities() instead of strip_tags(). > > > Well, this is why I asked the question to begin with. I am concerned (as > everyone _should_ be) about such things and desire to do my best to > prevent them. > > Now, as near as I can tell, strip_tags is the only thing one really > needs to do to be safe. > > But, one can use htmlentities to potentially preserve useful text, if it > is important to do so and still remain safe - with the downside being > having a messier body then may be necessary. > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
