Vail, Warren wrote:
The function addslashes() will resolve many user input problems where the user:
- Inputs a quoted value in the middle of his string.
- Uses & and < and > in text.
- Inputs other ASCII control characters like tab and bell (remember that one).
addslashes() does not escape & < > characters nor control characters (other than NUL). It only affects single quotes, double quotes, backslashes, and NUL bytes.
Just to name a few.
Usually MySQL will strip slashes when the column is retrieved,
Already mentioned, but there are no slashes to remove when reading data. The slashes simply escape the string to get it into the database.
however care should be taken when displaying the value on a form (inside another text area should be no problem).
It can be a problem if the text contains the string "</textarea>" followed by whatever the user wants to inject onto your page.
-- ---John Holmes...
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
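
An added example, not part of the original thread: it shows which characters addslashes() leaves alone and compares a textarea filled with the raw value against one filled through htmlspecialchars(). The input string, the field name `comment` and the helper function names are constructed for illustration.

```php
<?php
// Constructed sample input: a quote, & < >, a tab, a bell (\x07), then a
// closing textarea tag followed by harmless markup.
$input = "O'Reilly & <b>Sons</b>\t\x07</textarea><p>outside the field</p>";

// addslashes() adds a backslash before ' " \ and NUL, nothing else.
$slashed = addslashes($input);
echo 'addslashes(): ', json_encode($slashed), "\n";
foreach (['&', '<', '>', "\t", "\x07"] as $ch) {
    $untouched = strpos($slashed, '\\' . $ch) === false;
    printf("  %-8s left as-is: %s\n", json_encode($ch), $untouched ? 'yes' : 'no');
}

// Echoing the stored value straight into a textarea (the case the reply warns about).
function textarea_raw(string $value): string
{
    return '<textarea name="comment">' . $value . '</textarea>';
}

// Same field, with the value HTML-escaped at output time.
function textarea_escaped(string $value): string
{
    $safe = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<textarea name="comment">' . $safe . '</textarea>';
}

// Count closing tags: more than one means the value ended the element early.
function closing_tags(string $html): int
{
    return substr_count(strtolower($html), '</textarea>');
}

$raw = textarea_raw($input);
$escaped = textarea_escaped($input);

echo "\nraw:     ", closing_tags($raw), " closing tag(s)\n", $raw, "\n";
echo "\nescaped: ", closing_tags($escaped), " closing tag(s)\n", $escaped, "\n";
```

With the raw value the output contains two closing tags, so the trailing markup lands outside the field; with the escaped value there is one, and the browser shows the user's text inside the textarea as typed.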