Torsten Roehr <mailto:[EMAIL PROTECTED]> on Wednesday, June 30, 2004 10:03 AM said:
> 1. get data from DB
> 2. convert for valid HTML output (stripslashes(), htmlentities())
> 3. output as HTML (into the form elements)
> 4. get POST data
> 5. escape POST data and insert into DB again

two comments:

first comment: re: #2. why stripslashes()? if you've properly escaped your data before the INSERT the slashes should be non-existent on the way out should they not?

second comment: you forgot #4.5 *validate* data to your specifications

chris.
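
The round trip discussed above, as an added example that is not part of the original message: it walks steps 4, 4.5, 5, 1, 2 and 3 and shows that a correctly escaped value comes back without extra slashes. Assumptions: PHP with the pdo_sqlite extension, a bound parameter standing in for the escaping in step 5, and a hypothetical `notes` table and validation rule.

```php
<?php
// Added example with constructed data; in-memory SQLite via PDO (assumes pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Step 4.5: validate against the application's own rules (hypothetical rule:
// non-empty, at most 200 bytes, no control characters).
function validate_body(string $s): bool {
    return $s !== '' && strlen($s) <= 200 && !preg_match('/[\x00-\x1F\x7F]/', $s);
}

// Step 5: escape for the SQL context. A bound parameter handles this; the
// escaping is consumed by the database and never becomes part of the value.
function save_body(PDO $db, string $s): int {
    $stmt = $db->prepare('INSERT INTO notes (body) VALUES (:body)');
    $stmt->execute([':body' => $s]);
    return (int) $db->lastInsertId();
}

// Step 1: get data from the DB.
function load_body(PDO $db, int $id): string {
    $stmt = $db->prepare('SELECT body FROM notes WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Step 4: constructed stand-in for $_POST['body'], containing quotes,
// legitimate backslashes and markup.
$posted = 'O\'Reilly said "C:\\temp\\new" <b>works</b>';

if (!validate_body($posted)) {
    exit("rejected by validation\n");
}
$stored = load_body($db, save_body($db, $posted));

// The stored value is compared with what was posted: no slashes were added.
printf("round trip exact: %s\n", var_export($stored === $posted, true));

// stripslashes() on the way out would remove the backslashes that belong
// to the data itself (the path separators).
printf("intact after stripslashes(): %s\n",
    var_export(stripslashes($stored) === $posted, true));

// Steps 2-3: encode for the HTML attribute context only, then output.
$html = htmlentities($stored, ENT_QUOTES, 'UTF-8');
echo '<input type="text" name="body" value="' . $html . '">', "\n";
```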