> And yes, definitely striptags(), and follow the advice on the rest of the
> thread.

I disagree. I think stripping HTML from my text is a horrible thing. If
I want to put a <b> in my text, then use htmlentities() and show me a
<b> when I look at it. Obviously you don't want to "evaluate" HTML, but
the end result should be that I should see exactly what I typed into the
text box. 

If you need to allow formatted text, then use something like BBcode
where you can specify exactly what is allowed. 

---John W. Holmes...

PHP Architect - A monthly magazine for PHP Professionals. Get your copy
today. http://www.phparch.com/



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
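
The approach argued for in the message above (escape on output instead of stripping, and allow formatting only through a fixed BBcode whitelist), as an added example that is not part of the original post. The function name `render_bbcode`, the tag whitelist and the sample input are assumptions made for illustration.

```php
<?php
// Added example, not code from the original message.
// render_bbcode() is a hypothetical helper name.

function render_bbcode(string $raw): string
{
    // 1. Escape first: every <, >, & and quote the user typed becomes an
    //    entity, so the browser displays it instead of interpreting it.
    $safe = htmlentities($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Whitelist: only these exact paired tags are turned into markup.
    //    No attributes are accepted, so nothing user-controlled ever
    //    lands inside an HTML tag.
    $allowed = ['b' => 'strong', 'i' => 'em', 'u' => 'u'];
    foreach ($allowed as $bb => $html) {
        $safe = preg_replace(
            '~\[' . $bb . '\](.*?)\[/' . $bb . '\]~is',
            '<' . $html . '>$1</' . $html . '>',
            $safe
        );
    }

    // 3. Keep the line breaks from the text box.
    return nl2br($safe);
}

// Constructed sample input: literal HTML the user wants to show,
// a script tag, and one piece of allowed BBcode.
$input = "To get bold text, type <b> or use [b]BBcode[/b].\n"
       . "<script>alert(1)</script>";

// strip_tags() removes the literal <b> and the script tags, so the
// displayed text no longer matches what was typed.
echo "strip_tags():\n", strip_tags($input), "\n\n";

// htmlentities() alone keeps every character visible and inert.
echo "htmlentities():\n", htmlentities($input, ENT_QUOTES, 'UTF-8'), "\n\n";

// Escaping plus the whitelist: typed HTML stays visible as text and
// only [b]...[/b] is rendered as formatting.
echo "render_bbcode():\n", render_bbcode($input), "\n";
```

Because the whitelist runs on already-escaped text, the content captured between the BBcode tags can never contain live markup.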
