Sebastian wrote:
what is a safe way to clean a post/get before echoing it. example. input form, user enters some text, hits enter. .. next page i echo what they entered.right now i just run the variables passed by htmlentities() which preseves any html. is that acceptable?
You might also want to use stripslashes() if magic_quotes_gpc is on, so the data is not double escaped.
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
