On Fri, 16 Jul 2004 11:58:55 -0500 (EST), Ed Curtis <[EMAIL PROTECTED]> wrote: > > > > On Fri, 16 Jul 2004, John W. Holmes wrote: > > > Let's say you have $_POST['text'] from the user. > > > > To display the value back to the user with magic_quotes_enabled, you'd > > do this: > > > > echo htmlentities(stripslashes($_POST['text'])); > > > > To put the value into a hidden form element, you'd do this: > > > > <input type="hidden" name="text" > > value="<?=htmlentities(stripslashes($_POST['text']))?>"> > > > > Now, $_POST['text'] will come out correctly on Page 3. Since you seem to > > have magic_quotes_gpc enabled, you can put the value directly into your > > query. > > Actually when I tried the above example nothing was entered into the > database. This worked.. htmlentities($_POST['text']). >
This is why he said: "Since you seem to have magic_quotes_gpc enabled, you can put the value directly into your query." You shouldn't use htmlentities when putting it into the DB. Use it when displaying the text. -- DB_DataObject_FormBuilder - The database at your fingertips http://pear.php.net/package/DB_DataObject_FormBuilder paperCrane --Justin Patrin-- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
