tedd wrote:
At 5:03 PM +0200 4/9/09, Jan G.B. wrote:
You might want to use htmlspecialchars($str, ENT_QUOTES)
OUT from db to html
and
mysql_real_escape_string(stripslashes($_POST['yourself']));
The above tells me that you probably need to look at your magic quotes setting.
Typically, you will want to disable magic quotes in your php.ini file / VirtualHost Block / or
somewhere else. This setting tells PHP to automagically escape your GET/POST data when PHP receives
it from the web server (Apache/IIS/etc...). I recommend turning it off, but making darn sure you
sanitize all input to script from and outside source.
IN to db from html
Thanks, that worked.
Cheers,
tedd
--
Jim Lucas
"Some men are born to greatness, some achieve greatness,
and some have greatness thrust upon them."
Twelfth Night, Act II, Scene V
by William Shakespeare
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
