On Mon, October 2, 2006 8:09 am, Ross wrote:

$mail_body .= "<font size=\"2\" face=\"Verdana, Arial, Helvetica, sans-serif\">" . stripslashes($mail_text) . "</font>";

HOWEVER:

The fact that you are calling "stripslashes" at all tells me that either:

  1. You've screwed up with Magic Quotes being on and calling addslashes
     (or mysql_[real_]escape_string) so you've essentially double
     addslashed your data.
  2. You don't understand the purpose of escaping data for INPUT to MySQL
     and think you need to escape it for OUTPUT, which you don't.

ANYBODY calling "stripslashes" is almost-for-sure doing something
fundamentally wrong in their code.

Hmmmm.  Can we get *that* into E_STRICT? :-)

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
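
The double-escaping case described in the message above, as an added example that is not part of the original post. It assumes magic_quotes_gpc can be modelled by one addslashes() pass, and mysql_literal_value() is a hypothetical stand-in for MySQL consuming one layer of backslash escapes when it parses a string literal; the sample string is constructed.

```php
<?php
// Added example, not from the original post. Helper names and the sample
// string are constructed; no database is needed to run it.

// magic_quotes_gpc ran the equivalent of addslashes() over request data.
function magic_quotes_sim(string $raw): string
{
    return addslashes($raw);
}

// Hypothetical stand-in for MySQL parsing a quoted string literal:
// it consumes exactly one layer of backslash escapes before storing.
function mysql_literal_value(string $escaped): string
{
    return preg_replace('/\\\\(.)/s', '$1', $escaped);
}

// Value that ends up in the table after $layers rounds of escaping.
function stored_value(string $typed, int $layers): string
{
    $sql = $typed;
    for ($i = 0; $i < $layers; $i++) {
        // First round models magic quotes, any further round models the
        // script calling addslashes()/mysql_real_escape_string() again.
        $sql = ($i === 0) ? magic_quotes_sim($sql) : addslashes($sql);
    }
    return mysql_literal_value($sql);
}

$typed = "Ross's path is C:\\temp";   // what the user typed (constructed)

$double = stored_value($typed, 2);    // magic quotes on + script escapes again
$once   = stored_value($typed, 1);    // escaped exactly once on the way in

echo "typed:                    $typed\n";
echo "stored, double-escaped:   $double\n";
echo "  ...after stripslashes:  " . stripslashes($double) . "\n";
echo "stored, escaped once:     $once\n";
echo "  ...after stripslashes:  " . stripslashes($once) . "\n";

// The table holds the typed text only when escaping happened once.
var_dump($once === $typed, $double === $typed);
// stripslashes() on output hides the double-escape, but damages clean data.
var_dump(stripslashes($double) === $typed, stripslashes($once) === $typed);
```

The double-escaped row only looks right after stripslashes(); anything else that reads the table sees the stray backslashes.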
