On Sat, 22 Mar 2003 09:34:03 -0500, you wrote:

>When validating user input to remove quotes and other characters that 
>can be used for hacks, does one need to be concerned about the high-
>ASCII characters which have 'quote' meanings (e.g. 0x91 - 0x94)?  I 
>presume not, but just wanted to verify that PHP will not interpret 
>these as quotes.

You should probably look at this function:

http://www.php.net/manual/en/function.htmlentities.php

The thing that is most likely to trip you up is people who cut'n'paste
from Word. High-ASCII characters can slip in like that, also some
characters that are common in European languages (accents and umlauts).
All of these need to be translated into HTML entities.

(ISTR there are a few additional characters you should add to the
translation table if you're doing WML, too.)


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
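
How the htmlentities() call recommended above handles the 0x91 - 0x94 bytes, as an added example that is not part of the original message. The sample string is constructed, the function names are hypothetical, and the input is assumed to arrive as Windows-1252 bytes (as pasted from Word).

```php
<?php
// Constructed sample: text pasted from Word, held as Windows-1252 bytes.
// 0x91/0x92 are curly single quotes, 0x93/0x94 are curly double quotes.
$pasted = "\x93It\x92s <b>here</b>\x94, said O'Brien";

// True if the string contains an ASCII quote byte (0x27 or 0x22).
function has_ascii_quote(string $s): bool
{
    return strpbrk($s, "'\"") !== false;
}

// Encode for HTML, naming the encoding the bytes are actually in.
function encode_cp1252(string $s): string
{
    return htmlentities($s, ENT_QUOTES, 'Windows-1252');
}

// Same call with the bytes declared as UTF-8. 0x91-0x94 are not valid
// UTF-8 on their own, and htmlentities() returns an empty string for
// invalid input unless ENT_SUBSTITUTE or ENT_IGNORE is set.
function encode_utf8(string $s, bool $substitute): string
{
    $flags = ENT_QUOTES | ($substitute ? ENT_SUBSTITUTE : 0);
    return htmlentities($s, $flags, 'UTF-8');
}

$curly = "\x91\x92\x93\x94";
var_dump(has_ascii_quote($curly));   // the four curly-quote bytes alone
var_dump(has_ascii_quote($pasted));  // includes the apostrophe in O'Brien

echo encode_cp1252($pasted), "\n";       // encoding declared correctly
var_dump(encode_utf8($pasted, false));   // encoding mismatch, no fallback
echo encode_utf8($pasted, true), "\n";   // mismatch with ENT_SUBSTITUTE
```

The mismatch case is the one to check for in practice: when the declared encoding does not match the bytes, the whole field comes back empty rather than partially encoded.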
