Jason Pruim wrote:
> Hey Everyone,
>
> Probably a simple question but I wanted to make sure I was right
> before I got too far ahead of myself....
>
> I have a form that I am working on and this form will be emailed to
> the recipient for processing (Not stored in a database).
>
> When I store in a database, I simply run all the data through
> mysql_real_escape_string() and it's all good... Without the database,
> is it just as easy as addslashes($var)? or is there more that needs to
> be done?
>
> In the end, the info will be echoed back out to the user to be viewed
> but not edited and emailed to someone to add the registration, collect
> money, etc etc.
>
> Am I on the right track or do I need to rethink my whole process? :)
>
> Thanks Everyone!

Addslashes and mysql_real_escape_string are designed to escape certain characters which would otherwise cause problems when used in a sql query - as you aren't using a database, you don't need them here.

For the display you'll want to make sure that html entities are rendered correctly, so process with htmlentities or htmlspecialchars for display. There is probably nothing you need to do to the emailed version.

Cheers
--
David Robley

Honey, PLEASE don't pick up the PH$@#*&$^(#@&$^%(*NO CARRIER
Today is Prickle-Prickle, the 66th day of Discord in the YOLD 3177.

--
PHP General Mailing List (http://www.php.net/)
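
An added example, not part of the original thread: escaping chosen per output context for a form like the one described, with htmlspecialchars() for the page echoed back and no SQL-style escaping for the plain-text mail. The field names, sample values, recipient address and the choice to put the submitter's name in the Subject line are assumptions made for illustration.

```php
<?php
// Added example: field names and sample values below are constructed.

// Escape a value for an HTML text context (the page echoed back to the user).
function html_out(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// A value placed in a mail header must stay on one line; drop CR and LF.
function header_safe(string $value): string
{
    return trim(str_replace(["\r", "\n"], ' ', $value));
}

// Build the plain-text registration mail. The body is neither HTML nor SQL,
// so the submitted text goes in as typed, without addslashes().
function build_registration_mail(array $form): array
{
    $subject = 'Registration: ' . header_safe($form['name']);
    $body    = "Name: {$form['name']}\nComments:\n{$form['comments']}\n";
    $headers = ['Content-Type' => 'text/plain; charset=UTF-8'];
    return [$subject, $body, $headers];
}

// Constructed sample submission, standing in for $_POST.
$form = [
    'name'     => "O'Brien <b>Pat</b>",
    'comments' => 'Two seats & a "vegetarian" meal',
];

// Confirmation page: escape at output time, for the HTML context only.
echo '<p>Name: ' . html_out($form['name']) . "</p>\n";
echo '<p>Comments: ' . html_out($form['comments']) . "</p>\n";

// Mail: show what would be sent instead of sending it.
[$subject, $body, $headers] = build_registration_mail($form);
echo "\n--- mail ---\nSubject: $subject\n\n$body";
// To send (placeholder recipient): mail('registrar@example.org', $subject, $body, $headers);
```

The stored form values stay unmodified; each output path applies only the encoding its own context needs.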