> I'm cooking together a tiny php html editor right now, (textarea kind
> of thing). To treat the text properly I need to encode characters like
> '"', '<', '>', and friends into something that doesn't confuse the
> browser.

Htmlentities() or htmlspecialchars()
 
> By the way, do you think encoding and decoding special characters like
> this may replace addslashes() and stripslashes()? The html pages will
> be stored in a MySQL database.

No. There is no HTML entity for the single quote, so those will remain
unchanged. If you use all double quotes for string delimiters in your
queries, then you could skip addslashes(). 
 
> Also, addslashes() will reduce the chance of bad stuff being passed to
> MySQL. But is there a function which stops client-side scripts in
> whatever is entered by the user?

No, not really. Using strip_tags() or htmlentities() is the best way to
go on user data. It will prevent the HTML or JS that's in the input from
being evaluated.

---John Holmes...



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
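
The functions named in this thread, run side by side on one constructed input. This is an added example, not part of the original message. Assumptions: the pdo_sqlite extension is available, an in-memory SQLite database stands in for MySQL, and the table name `pages` is hypothetical.

```php
<?php
// Constructed sample input: text a user might submit from the textarea editor.
$input = "<p class=\"note\">It's <b>bold</b></p><script>alert(1)</script>";

// Output encoding with the quote flag spelled out.
// ENT_COMPAT encodes & < > and ", and leaves ' unchanged.
// ENT_QUOTES additionally encodes ' as the numeric reference &#039;.
$compat = htmlspecialchars($input, ENT_COMPAT, 'UTF-8');
$quotes = htmlspecialchars($input, ENT_QUOTES, 'UTF-8');

// strip_tags() removes the tags instead of encoding them. The text between
// tags (including the body of the script element) stays, and quotes are untouched.
$stripped = strip_tags($input);

// Storage is a separate concern from HTML encoding: bind the raw text as a
// query parameter so quote characters never become part of the SQL statement.
// Assumption: sqlite::memory: stands in for the MySQL connection.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, body TEXT)');
$stmt = $db->prepare('INSERT INTO pages (body) VALUES (:body)');
$stmt->execute([':body' => $input]);

// Read the row back: the stored value is byte-for-byte what the user typed.
$stored = $db->query('SELECT body FROM pages WHERE id = 1')->fetchColumn();

echo "ENT_COMPAT : $compat\n";
echo "ENT_QUOTES : $quotes\n";
echo "strip_tags : $stripped\n";
echo 'round trip : ' . ($stored === $input ? 'identical' : 'changed') . "\n";

// Encode only at output time, when the stored text goes back into the page.
echo '<textarea name="body">'
    . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8')
    . "</textarea>\n";
```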
