On Sat, April 21, 2007 5:20 am, Dotan Cohen wrote:
> Although I can semicolons and the like, greater than and less than
> signs I want to keep as there are some rather witty people from the
> Mathematics faculty who will be using the comments. I'll str_replace()
> them to &gt; and &lt; however.

Store the original data (after mysql escaping).

Upon output to a browser, *ANY* data should have htmlentities() called on
it, unless you really really trust the author and have a secure chain of
evidence that it's kosher to let them put HTML/JS on your site.

--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
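
The advice in this reply as an added example (not code from the thread): the comment is stored unmodified through a bound parameter, which stands in for the MySQL escaping mentioned above, and htmlentities() is applied only when the value is written into HTML. The in-memory SQLite database, the `comments` table, the `h()` helper and the sample comments are assumptions made so the script runs on its own.

```php
<?php
declare(strict_types=1);
// Added example; table, column names and sample comments are constructed.

// Escape at output time, for the HTML context, with an explicit charset.
function h(string $s): string
{
    return htmlentities($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Assumption: PDO with the sqlite driver stands in for MySQL so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Constructed sample input: a legitimate math comment and one carrying markup.
$incoming = [
    ['math_prof', 'If a < b and b > c, then a & c are both bounded by b; "QED".'],
    ['visitor',   '<script>alert(1)</script> nice article'],
];

// Store the text exactly as submitted. The bound parameters take the place of
// manual MySQL escaping: the data never becomes part of the SQL string.
$insert = $db->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
foreach ($incoming as [$author, $body]) {
    $insert->execute([':author' => $author, ':body' => $body]);
}

// Render: every stored value passes through h() on its way into the page,
// in element content and in the quoted attribute alike.
function render_comments(PDO $db): string
{
    $html = '';
    foreach ($db->query('SELECT author, body FROM comments ORDER BY id') as $row) {
        $html .= sprintf(
            "<div class=\"comment\" title=\"%s\"><b>%s</b>: %s</div>\n",
            h($row['body']), h($row['author']), h($row['body'])
        );
    }
    return $html;
}

echo render_comments($db);
```

Because the database keeps the original text, the same row can later be escaped differently for another output context (plain-text e-mail, JSON, CSV) without first undoing an HTML-specific transformation.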