See the htmlentities function in the manual:
http://ca3.php.net/manual/en/function.htmlentities.php
bastien
From: "Todd Trent" <todd@xxxxxxxxxxxxxxxxx>
To: <php-db@xxxxxxxxxxxxx>
Subject: validate/sanitize data
Date: Wed, 17 Nov 2004 15:06:55 -0500
I need to add textarea input into a mysql database. The input can be
anything you would find in normal paragraph text -
[:alnum:][:punct:][:space:]. In this case it is likely that the input could
also include special accent characters (grave, acute, tilde, etc. - ex. é).
Is addslashes enough to reduce security/sql error issues (provided
!get_magic_quotes_gpc())? Or should I try to strip or test for "-- = < >".
This input, due to its size, is obviously not going to be used in a WHERE
clause.
Todd Trent
VP
Hogfish Design
2550 26th Street West
Bradenton, FL 34205
Tel: 941-749-0144
url: www.hogfishdesign.com
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
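
Added example, not part of the original thread or either poster's code: the textarea value is stored through a bound parameter instead of being escaped with addslashes, and htmlentities is applied only when the text is rendered as HTML. It assumes PDO with the SQLite driver as an offline stand-in for MySQL; the table, column and function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite so the script runs offline. For MySQL use e.g.
// new PDO('mysql:host=...;dbname=...;charset=utf8mb4', $user, $pass).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

/** Validate size and encoding, then store the text unchanged via a bound parameter. */
function store_comment(PDO $pdo, string $raw, int $maxBytes = 65535): int
{
    if ($raw === '' || strlen($raw) > $maxBytes) {
        throw new InvalidArgumentException('Comment is empty or too long');
    }
    // The /u modifier makes PCRE reject byte sequences that are not valid UTF-8,
    // so accented characters pass and broken encodings do not.
    if (preg_match('//u', $raw) !== 1) {
        throw new InvalidArgumentException('Comment is not valid UTF-8');
    }
    // The value travels separately from the SQL text: quotes, "--", "=", "<"
    // and ">" are stored as data and need no stripping or slashes.
    $stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $raw]);
    return (int) $pdo->lastInsertId();
}

/** Encode for HTML at output time; the database keeps the original text. */
function render_comment(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = $stmt->fetchColumn();
    if ($body === false) {
        throw new RuntimeException('No such comment');
    }
    return nl2br(htmlentities((string) $body, ENT_QUOTES, 'UTF-8'));
}

// Constructed sample input covering the characters raised in the question.
$sample = "Café -- it's \"fine\" = <b>bold</b>\nsecond line";
$id = store_comment($pdo, $sample);
echo render_comment($pdo, $id), PHP_EOL;
```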