Looks good to me, just make sure you use:
http://www.php.net/manual/en/function.stripslashes.php
if you have to dump that information back to the users.
(you might want to check out: addslashes() to add the slashes before
your DB insert, just to keep those things under your command)
-Brad
afan@xxxxxxxx wrote:
Hi to all!
After the form is submitted, some fields are filled with single and/or
double quote info (like: 1'2"x2'4", or sky's blue, or "cool" stuff).
I validate what I got using mysql_real_escape_string() and then store the
result in MySQL. And, it will be stored as:1\'2\"x2\'4\", and sky\'s blue,
and \"cool\" stuff.
Is this correct way or "correct" way will be to convert quotes in html
entities? If yes, means have to use htmlentities($Size, ENT_QUOTES)?
Thanks for any thoughts!
-afan
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
