Re: Stripslashes

On 1/14/07, Beauford <phpuser@xxxxxxxxxx> wrote:

I guess I'm just doing something wrong, 'cause that doesn't work either -
nor do the hundreds of other snippets I've used.

Here's the scenario. I have a form - after they submit the form it shows
what they have entered, this is where I get the \. It also does it if the
form redisplays after the user has input invalid data.


Just a refresher/reminder, and try to make things simple... escape
input/output according to the context:

 if reading a form variable from POST/GET/COOKIES and magic_gpc is on:
   unescape the vars via stripslashes, otherwise do nothing

 if putting a variable to a db, use the database's escape function
before passing it to the db

 if putting it to html, htmlspecialchars() or htmlentities() the
variable before displaying it

 if putting it in a url, urlencode it.

 if putting it to X, Xencode it. (where X some other output)

When following these guidelines you will be able to find the exact
area where the problem is.


Curt

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
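
The guidelines in the reply above, carried through for one value, as an added example that is not part of the original message. The helper `read_input()`, the sample value, the table name and the URL path are assumptions made for illustration, and the magic-quotes setting is passed in as a flag so the script runs on current PHP.

```php
<?php
// Added example: constructed input, hypothetical helper name and URL path.

// Input step. $magicQuotesOn stands in for get_magic_quotes_gpc(), which
// PHP 8.0 removed (magic quotes themselves were removed in PHP 5.4).
function read_input(string $raw, bool $magicQuotesOn): string
{
    return $magicQuotesOn ? stripslashes($raw) : $raw;
}

$typed  = 'O\'Reilly <b>&</b> "Sons"';  // what the user typed (constructed)
$posted = addslashes($typed);           // what magic quotes put in $_POST
$name   = read_input($posted, true);    // back to the typed value

// HTML context: redisplaying the value inside the form.
$html = '<input name="name" value="'
      . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '">';

// URL context.
$url = '/search.php?name=' . urlencode($name);

// Database context: the driver's own escape function, here PDO::quote()
// on an in-memory SQLite database (assumes the pdo_sqlite extension).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE people (name TEXT)');
$pdo->exec('INSERT INTO people (name) VALUES (' . $pdo->quote($name) . ')');
$stored = $pdo->query('SELECT name FROM people')->fetchColumn();

// The symptom from the thread: skipping the input step leaves the
// backslashes in the value, and HTML escaping does not remove them.
$symptom = htmlspecialchars($posted, ENT_QUOTES, 'UTF-8');

printf("input ok : %s\n", var_export($name === $typed, true));
printf("html     : %s\n", $html);
printf("url      : %s\n", $url);
printf("db ok    : %s\n", var_export($stored === $typed, true));
printf("symptom  : %s\n", $symptom);
```

Each output context gets its own encoding of the same unescaped value; the stored database value matches what was typed because the escaping is applied only at the point of building the query.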

