On Dec 27, 2007 12:57 PM, Albert Wiersch <support@xxxxxxxxxxxxxxxxx> wrote:
> What needs to be escaped for a URL anyway? I am just changing spaces to
> '%20' now.
Arbitrary code can still be injected unless it's properly
sanitized, but that's beyond the scope here.
Mainly, make sure quotes (single and double) are being converted.
--
Daniel P. Brown
[Phone Numbers Go Here!]
[They're Hidden From View!]
If at first you don't succeed, stick to what you know best so that you
can make enough money to pay someone else to do it for you.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
