[Phpwm] escape hell!
Greg Jones
greg.jones at gmail.com
Thu Jun 29 22:28:01 BST 2006
> Depends what the array is part of, but if it's going to a database or
> something then why not use htmlentities() to replace the apostrophes
> etc, that should make it safe enough.
>
> Regards,
>
> Phil
>
If it's going to a database, you should be using the db-specific escape
functions (e.g. mysql_real_escape_string); addslashes isn't really
sufficient.

htmlentities by default won't do anything to single-quotes anyway; you
need to pass it ENT_QUOTES (I think...) as the 2nd argument, and I'd
personally leave the application of that until the data is being displayed
in an HTML page.
Greg
--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
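
The two escaping contexts discussed in this reply, as an added example that is not part of the original post: HTML-encoding a value does not make it safe inside an SQL string literal, while the database driver's own quoting stores the raw value and HTML-encoding is applied only on output. Assumptions: PDO with the pdo_sqlite driver and an in-memory SQLite database stand in for MySQL, `PDO::quote()` stands in for mysql_real_escape_string (the mysql_* extension was removed in PHP 7), and the `people` table and sample value are constructed.

```php
<?php
// Constructed sample input: a surname with an apostrophe, plus some markup.
$name = "O'Reilly <b>";

// ENT_COMPAT was htmlentities()'s default flag before PHP 8.1: it converts
// < > & and double quotes but leaves the single quote untouched.
$compat = htmlentities($name, ENT_COMPAT, 'UTF-8');
// ENT_QUOTES additionally converts the single quote.
$quotes = htmlentities($name, ENT_QUOTES, 'UTF-8');
echo "ENT_COMPAT: $compat\n";
echo "ENT_QUOTES: $quotes\n";

// In-memory SQLite database (assumption: stands in for the real database).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (name TEXT)');

// HTML-encoding is not SQL escaping: the ENT_COMPAT result still carries a
// raw single quote, which ends the string literal early.
try {
    $db->exec("INSERT INTO people (name) VALUES ('$compat')");
    echo "HTML-encoded value was accepted\n";
} catch (PDOException $e) {
    echo "HTML-encoded value broke the query: ", $e->getMessage(), "\n";
}

// Database-specific escaping at the query boundary. PDO::quote() applies the
// driver's own quoting rules and adds the surrounding quotes itself.
$db->exec('INSERT INTO people (name) VALUES (' . $db->quote($name) . ')');

// The database holds the raw value, not an HTML-encoded copy of it.
$stored = $db->query('SELECT name FROM people')->fetchColumn();
echo "Stored value equals input: ";
var_dump($stored === $name);

// HTML escaping is applied only when the value is written into a page.
echo '<p>', htmlentities($stored, ENT_QUOTES, 'UTF-8'), "</p>\n";
```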