Hull, Douglas D wrote:
But if one enters: w' my word ends up w\'
Run stripslashes() on the entire string before you begin processing it.
If you eventually insert the data into the database, you'll need to run
addslashes() on it though, to prevent errors/SQL injection from the
unescaped quotes.
-
As John H told me (which is true) I should run my words through htmlentities. I have
a textarea in a form for individuals to type in a list of words. From there I place
these words in an array and then perform calculations and echo the words back out with
the resulting calculations. But if o
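
The flow discussed in this thread (undo the added slashes once on input, escape for HTML only when echoing, escape for SQL only when storing), as an added example that is not code from either poster. It uses a PDO prepared statement in place of addslashes() for the database step. Assumptions: the function names, the `words` table, the `strlen()` stand-in for the calculations, and an available pdo_sqlite extension are all hypothetical choices for illustration.

```php
<?php
// Added example; function, table and column names are hypothetical.

// Split textarea input into words. $escaped = true means the input arrived
// with backslashes already added (the w' -> w\' behaviour from the thread).
function words_from_textarea(string $raw, bool $escaped): array
{
    if ($escaped) {
        $raw = stripslashes($raw);   // w\' -> w'
    }
    // One word per whitespace-separated token; drop empty entries.
    return preg_split('/\s+/', trim($raw), -1, PREG_SPLIT_NO_EMPTY);
}

// Escape at the point of output, for the HTML context only.
function render_words(array $words): string
{
    $html = "<ul>\n";
    foreach ($words as $w) {
        // strlen() stands in for the thread's unspecified calculations.
        $html .= '  <li>' . htmlentities($w, ENT_QUOTES, 'UTF-8')
               . ' (' . strlen($w) . ")</li>\n";
    }
    return $html . "</ul>\n";
}

// Store the unescaped words; bound parameters keep the quote as data.
function store_words(PDO $db, array $words): void
{
    $stmt = $db->prepare('INSERT INTO words (word) VALUES (?)');
    foreach ($words as $w) {
        $stmt->execute([$w]);
    }
}

// Constructed sample input, as it would arrive with slashes added.
$raw   = "w\\' don\\'t <b>bold</b>";
$words = words_from_textarea($raw, true);
echo render_words($words);

$db = new PDO('sqlite::memory:');          // assumes the pdo_sqlite extension
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE words (word TEXT)');
store_words($db, $words);
echo $db->query('SELECT COUNT(*) FROM words')->fetchColumn(), " rows stored\n";
```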