On 24/01/2008, Eric Butera <eric.butera@xxxxxxxxx> wrote:> That won't save you if you're echoing into a single quote attribute.> (ie: src='') Even after I've stripped away the tags with strip_tags()? > Like htmlspecialchars(), the optional second quote_style parameter> lets you define what will be done with 'single' and "double" quotes.> It takes on one of three constants with the default being ENT_COMPAT:>> ENT_COMPAT Will convert double-quotes and leave single-quotes alone.>>> You might want to just use: htmlspecialchars($string, ENT_QUOTES); I'm heading over to the manpage to look at that now, thanks. Dotan Cohen http://what-is-what.comhttp://gibberish.co.ilא-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת; A: Because it messes up the order in which people normally read text.Q: Why is top-posting such a bad thing?
