Hull, Douglas D wrote:
But if one enters: w' my word ends up w\'
Run stripslashes() on the entire string before you begin processing it.
If you eventually insert the data into the database, you'll need to run addslashes() on it though, to prevent errors/sql injection from the unescaped quotes.
-- ---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
