I run across this in all the user input forms I do. People are always
trying to put weird stuff in there. Usually I just use the str_replace
function to strip out unwanted characters. Cheers.
Armando
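
The two ways of handling this kind of input, side by side, as an added example that is not part of the original messages: stripping characters with str_replace as described in the reply above, and storing the input unchanged and encoding it with htmlspecialchars() when it is displayed. The function names and sample inputs are constructed for illustration.

```php
<?php
// Added example, not code from the thread. All sample inputs are constructed.

// Approach 1: remove "unwanted" characters before storing or displaying.
// The character list is an assumption; the reply does not say which
// characters are stripped.
function strip_unwanted(string $input): string
{
    return str_replace(['<', '>'], '', $input);
}

// Approach 2: keep the input as typed and encode it at output time
// for an HTML context (element body or quoted attribute value).
function encode_for_html(string $input): string
{
    return htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs: ordinary text that happens to contain HTML
// metacharacters, plus one value with actual markup in it.
$samples = [
    'markup'     => 'Hello <b>world</b>',
    'comparison' => 'use this when a < b and b > c',
    'apostrophe' => "Ross O'Neil",
    'inch mark'  => '3.5" disk',
];

foreach ($samples as $label => $raw) {
    printf("%-11s raw:      %s\n", $label, $raw);
    printf("%-11s stripped: %s\n", '', strip_unwanted($raw));
    printf("%-11s encoded:  %s\n\n", '', encode_for_html($raw));
}

// Redisplaying a stored value inside a form field. Stripping only angle
// brackets leaves the double quote in place, so the attribute value ends
// early at 3.5; the encoded version keeps the whole value intact.
$stored = $samples['inch mark'];
echo '<input type="text" value="' . strip_unwanted($stored) . '">' . "\n";
echo '<input type="text" value="' . encode_for_html($stored) . '">' . "\n";
```

Stripping changes what the user typed (the comparison sample loses its operators) and only covers the characters on the list, while encoding at output leaves the stored data untouched and displays it literally.
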
Ross Honniball wrote:
Hi all,
Say you get some text field from a user and store it in a database. Then
later you display this input. If the user has coded HTML in the actual
input, without running this through some kind of parsing function, it could
give you some odd results.
For example, say the user types in, a