You could always do a preg_replace() and replace the backticks with their &#xxx; equivalent.

Jim

----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, February 19, 2003 4:27 AM
Subject: [PHP] Backticks and echo

> Hello everyone
>
> I reread the manual again on the topic of backticks and from that I have a
> security / usability issue.
>
> Here is the issue:
>
> When I check form data from a simple form I use regular expressions to make
> sure the input conforms to certain guidelines before including them into my
> scripts.
> Basically this means excluding special characters like the above mentioned
> backticks. Well, so far so good.
> When the input is wrong I'd like to redisplay the wrong input and ask the
> user to correct these.
> Now here comes the issue: as far as I understand the manual, the text
> in between backticks is executed and the output is included in place. This
> happens when I echo the text out. So if I don't allow backticks in my
> input field and I want to redisplay that input, I execute the code, right?
> Meaning I can't redisplay the text as the user inputted it. When I use
> escapeshellcmd to prevent any execution I redisplay the input differently
> than the user's input. This will confuse most users and is not as wished
> from a usability standpoint.
> So have I misunderstood the way backticks work or is this an unresolvable
> issue?
>
> Any help greatly appreciated
>
> Stefan

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
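
Added example, not part of the original thread: PHP's backtick execution operator applies only to backticks written in PHP source code, so echoing a string that contains backticks runs nothing; what the redisplay needs is encoding for the HTML context. The sketch below validates a field and redisplays rejected input with `htmlspecialchars()` plus the backtick-to-entity replacement suggested in the reply. The field name, the validation pattern, the helper names and the sample input are assumptions made for the example.

```php
<?php
// Constructed sample input (hypothetical): what a user might type into the
// form field. In a real script this would come from $_POST['name'].
$input = 'Stefan `whoami` <b>';

// Validation as described in the thread: accept only characters on an
// allow-list. The pattern itself is an assumption for this example.
function is_valid_name(string $value): bool
{
    return preg_match('/^[A-Za-z0-9 ._-]{1,64}$/', $value) === 1;
}

// Redisplay helper (hypothetical name). Step 1 encodes the characters that
// are special in HTML (<, >, &, and both quote types) so the value cannot
// break out of the attribute it is printed into. Step 2 is the reply's
// suggestion: turn each backtick into its numeric entity, &#96;.
// escapeshellcmd() is not used: it escapes for a shell command line, not
// for HTML output, which is why it changes what the user sees.
function html_redisplay(string $value): string
{
    $encoded = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    return preg_replace('/`/', '&#96;', $encoded);
}

if (is_valid_name($input)) {
    echo "<p>Input accepted.</p>\n";
} else {
    // The backticks here are plain characters inside string data. echo does
    // not evaluate them; only backticks typed into the PHP source itself are
    // treated as the shell execution operator.
    echo '<p>Please correct this value:</p>' . "\n";
    echo '<input type="text" name="name" value="'
        . html_redisplay($input) . '">' . "\n";
}
```

The browser decodes the entities when it renders the field, so the user sees exactly the characters they typed, while the markup sent over the wire contains no raw backticks, angle brackets or quotes from the input.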