Is php capable of recognizing things such as in a text box, someone were to put <?php insert php code here; ?> and display say, variables?
No, not normally. If you just display the code, it'll show as plain PHP code and not be run. However, if it makes its way into an include file or eval() call, then it could be evaluated.
do i have to htmlspecialchars every entry?
Depends on your program. For most text, yes.
-- ---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
