On Mon, May 22, 2006 11:25 am, afan@xxxxxxxx wrote:
> After the form is submitted, some fields are filled with single and/or
> double quote info (like: 1'2"x2'4", or sky's blue, or "cool" stuff).
> I validate what I got using mysql_real_escape_string() and then store
> the result in MySQL. And, it will be stored as: 1\'2\"x2\'4\", and
> sky\'s blue, and \"cool\" stuff.
> Is this correct way

No. If you still see \' in your data after it's in MySQL, then you have
done TWO escapes, and should have only done ONE.

Your data is now corrupt.

> or "correct" way will be to convert quotes in html
> entities? If yes, means have to use htmlentities($Size, ENT_QUOTES)?

You would need to use htmlentities ONLY when you send the data out to a
web browser, and ONLY at the last second before it goes to the browser.

Don't store the htmlentities() version in your data -- Keep the data
clean, so that you can, for example, export it, search it, sort it, send
it out as XML or RSS or whatever.

Only the data actually going to the browser needs htmlentities() --
Calling htmlentities() anywhere else just introduces problems down the
line, sooner or later.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
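
The effect described in the reply above, as an added example that is not part of the original message: one escape round-trips the value intact, two escapes leave backslashes in the stored data, and htmlentities() belongs only at output. Assumptions: addslashes() and stripslashes() stand in for mysql_real_escape_string() and the SQL parser so the script runs without a database, and the helper names are hypothetical.

```php
<?php
// Constructed sample input: the three strings from the question above.
$inputs = ['1\'2"x2\'4"', "sky's blue", '"cool" stuff'];

// Assumption: addslashes() stands in for mysql_real_escape_string() so the
// example runs without a MySQL connection. For quotes and backslashes the
// two produce the same escapes.
function escape_for_sql(string $s): string
{
    return addslashes($s);
}

// Assumption: stripslashes() stands in for the SQL parser, which consumes
// exactly one level of backslash escapes when it reads a quoted literal.
function value_as_stored(string $literal): string
{
    return stripslashes($literal);
}

foreach ($inputs as $raw) {
    // One escape: the parser removes it and the stored value equals the input.
    $once = value_as_stored(escape_for_sql($raw));
    // Two escapes: one level survives parsing and ends up inside the data.
    $twice = value_as_stored(escape_for_sql(escape_for_sql($raw)));

    echo "submitted     : $raw\n";
    echo "escaped once  : $once", ($once === $raw ? "  (intact)" : "  (CORRUPT)"), "\n";
    echo "escaped twice : $twice", ($twice === $raw ? "  (intact)" : "  (CORRUPT)"), "\n";

    // Storing the entity-encoded form breaks plain-text search on the data:
    // the text the user typed no longer occurs in the stored copy.
    $entities = htmlentities($raw, ENT_QUOTES, 'UTF-8');
    $found = strpos($entities, $raw) !== false;
    echo "entity copy   : $entities\n";
    echo "search finds submitted text in entity copy: ", var_export($found, true), "\n";

    // Encode only at the moment the clean stored value is written into HTML.
    echo "HTML output   : ", htmlentities($once, ENT_QUOTES, 'UTF-8'), "\n\n";
}
```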