[Phpwm] escape hell!

Greg Jones greg.jones at gmail.com
Thu Jun 29 22:28:01 BST 2006

> Depends what the array is part of, but if its going to a database or  
> something then why not use htmlentities() to replace the apostrophes  
> etc, that should make it safe enough.
> Regards,
> Phil
If it's going to a database, you should be using the db-specific escape  
functions (e.g. mysql_real_escape_string), addslashes isn't really  
htmlentities by default won't do anything to single-quotes anyway, you  
need to pass it ENT_QUOTES (I think...) as the 2nd argument, and I'd  
personally leave the application of that until the data is being displayed  
in a html page.


Using Opera's revolutionary e-mail client: http://www.opera.com/mail/

More information about the Phpwm mailing list