Jay Blanchard wrote:
[snip]
May I ask why you are suggesting this function?
You can use htmlentities() on the information placed
[/snip]
Because it will convert things like quotes into their HTML counterparts
before you place them into the table. If you are reading it back out to
a web interface they get properly displayed without any manipulation.
http://www.php.net/htmlentities explains a little more in depth. It is
one step towards preventing SQL injection and possible other hack
attacks.
You should also use mysql_real_escape_string() on the data from the client.
http://www.php.net/mysql_real_escape_string
--
Ben Ramsey
Zend Certified Engineer
http://benramsey.com
---------------------------------------------------
Atlanta PHP - http://www.atlphp.org/
The Southeast's premier PHP community.
---------------------------------------------------
--
PHP General Mailing List (http://www.php.net/)
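An added example (not code from the thread or from either poster) that separates the two sinks discussed above: data going into the database and data going out to the browser. It uses a PDO prepared statement in place of mysql_real_escape_string(), since that function needs a live MySQL connection and the mysql extension was removed in PHP 7; it assumes PHP 7+ with the pdo_sqlite extension, and the input value is constructed.

```php
<?php
declare(strict_types=1);

// Constructed sample input, as a form field might deliver it.
$name = "O'Reilly <b>\"quoted\"</b>";

// Sink 1: the database. A bound parameter keeps the value out of the SQL
// text entirely, so no escaping of the value itself is needed here.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$stmt = $db->prepare('INSERT INTO users (name) VALUES (:name)');
$stmt->execute([':name' => $name]);

// Store the raw value: encoding for HTML belongs at output time, otherwise
// the same row is wrong for any non-HTML consumer (CSV export, JSON API).
$stored = $db->query('SELECT name FROM users')->fetchColumn();
if ($stored !== $name) {
    throw new RuntimeException('value was altered on the way into the table');
}

// Sink 2: the HTML page. ENT_QUOTES converts both quote characters, which
// matters when the value lands inside a single-quoted attribute.
function html(string $s): string
{
    return htmlentities($s, ENT_QUOTES | ENT_HTML401, 'UTF-8');
}

echo '<td>' . html($stored) . "</td>\n";
// <td>O&#039;Reilly &lt;b&gt;&quot;quoted&quot;&lt;/b&gt;</td>

// Caveat: ENT_COMPAT (the pre-8.1 default) leaves the single quote alone,
// so be explicit about the flags rather than relying on the default.
echo htmlentities("O'Reilly", ENT_COMPAT), "\n";  // O'Reilly
echo htmlentities("O'Reilly", ENT_QUOTES), "\n";  // O&#039;Reilly
```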