Hi all, I'm looking at adding a new search feature to my site, and one of the elements of this is to echo back in the search results page, the original string the user searched for. Up until now, XSS hasn't (afaik) been an issue for my site, but I can see from a mile off this will be. What would you guys recommend to avoid this? I'd thought initially of using a mixture of html_special_chars() and a regex (as yet not sure what I'll be stripping out with this) to sanitise the output for display on the results page, but is this enough? Thanks Ash www.ashleysheridan.co.uk
