> I'm using php addslashes to store data into MySQL and php stripslashes when > pulling it back out, but I'm running into trouble when people enter HTML > code. Do you have any recommendations? > Here's an example of what I'm talking about: > <input name="Title" value="<?php echo stripslashes($Entry["Title"]);?>"> > An error occurs if the entry has a value of: > this is a <font color="red"><b>test</b></font>. Are we having FUN yet? > Any ideas or recommendations? I guess it depends on what you want to do with that data. if you want the html to remain you could run htmlspecialchars against the input which would convert characters based in the list at the top of this page...http://www.php.net/manual/en/function.htmlspecialchars.php. or if you want to get rid of the html use strip_tags() or if neither work for you...addcslashes maybe good for you. (i'm guesting this is what you want, as there is also a corresponding stripcslashes() ) hth jeff > Thanks, > -Ed -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
