great point about the array; to make the script more portable i will most definitely detect magic quotes.
"Marek Kilimajer" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Phillip Jackson wrote: > > > > function escape(){ > > while (list($key, $value) = each($_POST)) { > > $value = trim(mysql_escape_string($value)); > > global $$key; > > $$key = $value; > > } > > } > > > > 1. The function does not detect if magic_quotes_gpc are on, post vars > would be double escaped then. > > 2. $value might be an array (<input name="var[]" ...>), the array would > be effectively destroyed. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
