"htmlentities(), also. <input type="text" name="referred" value="<?echo htmlentities($old['Referred']);?>" accesskey="d" id="id-referred">
Other wise the value could have a double quote within it and a malicious user could effectively "end" your input text box and inject their own HTML." is there any way to keep multiple users using the same form from mixing up variables -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
