On 11/29/07, Adam Williams <awilliam@xxxxxxxxxxxxxxxx> wrote:
> I've got an html form, and I have PHP parse the message variables for
> special characters so when I concatenate all of the message variables
> together, if a person has put in a ' " or other special character, it
> won't break it when it is used in mail($to, "MMH Suggestion", "$message",
> "$headers"); below is my snippet of code, but is there a better way to
> parse the text for special characters. what about if I were to have the
> $message inserted into a mysql field? how would I need to handle
> special characters that way?

htmlentities()
htmlspecialchars()

first i would run

$message = filter_input(INPUT_POST, 'message', FILTER_SANITIZE_STRING);

then probably

$message = htmlspecialchars($message);

that should suffice.

it depends i suppose. if you need to dump the html as-is, or you want to
encode it first.

i don't trust anything users submit though, so i encode it on output

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
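
An added example, not code from the thread: the same form text handled separately for each place it ends up (a mail header, a database column, an HTML page) instead of being escaped once up front. The `email` field, the `suggestions` table and the helper names are hypothetical, the input is constructed, and in-memory SQLite stands in for MySQL so the script runs offline.

```php
<?php
// Constructed sample input; in a form handler this would come from $_POST.
$input = [
    'email'   => "visitor@example.org\r\nBcc: other@example.org", // line break smuggled into a header value
    'message' => "It's \"great\" <b>but</b> O'Brien's page broke",
];

// Mail headers: the dangerous characters are CR and LF, not quotes.
function header_safe(string $value): string
{
    if (preg_match('/[\r\n]/', $value)) {
        throw new InvalidArgumentException('line break in header value');
    }
    return $value;
}

// Database: bind the raw text as a parameter, with no manual escaping.
function store_message(PDO $db, string $message): int
{
    $stmt = $db->prepare('INSERT INTO suggestions (body) VALUES (:body)');
    $stmt->execute([':body' => $message]);
    return (int) $db->lastInsertId();
}

// HTML: encode when the value is written into a page, not when it is stored.
function html_out(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// With MySQL only the DSN and credentials passed to PDO change.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE suggestions (id INTEGER PRIMARY KEY, body TEXT)');

$id = store_message($db, $input['message']);
$read = $db->prepare('SELECT body FROM suggestions WHERE id = ?');
$read->execute([$id]);
$stored = $read->fetchColumn();

var_dump($stored === $input['message']); // stored byte-for-byte, quotes intact
echo html_out($stored), PHP_EOL;         // quotes and tags become entities here

try {
    $headers = 'Reply-To: ' . header_safe($input['email']);
} catch (InvalidArgumentException $e) {
    echo 'rejected header value: ', $e->getMessage(), PHP_EOL;
}
// The mail body itself needs no quote escaping:
// mail($to, "MMH Suggestion", $message, $headers);
```

On current PHP, `FILTER_SANITIZE_STRING` is deprecated (since 8.1), so the example does not rely on it.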