Bogdan Stancescu wrote:
> Ok, finally found a valid argument! :-)
> What if the user enters "I'm aware that 2>3!"?
Tested it - it works. However, you'll have big problems if you'll ever need to
echo the data. Consider this example:
Enter description: <input box>
The user enters "Edited by Bogdan's wife <[EMAIL PROTECTED]>". You now want to store
this. You'll first use your algorithm to convert the ' into &#039;. You store
the result in the database.
Now you want to display this data. You retrieve "Edited by Bogdan&#039;s wife
<[EMAIL PROTECTED]>" from the database. What next? You can't simply echo this because
that would apparently omit "<[EMAIL PROTECTED]>". You can't htmlspecialchars() either
because that would result in "Edited by Bogdan&amp;#039;s wife
&lt;[EMAIL PROTECTED]&gt;" which is not right.
So there, that's why you should store the text as everybody else does. :-)
PHP Database Mailing List (http://www.php.net/)
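The scenario above, as an added example that is not part of the original thread: a "convert the quotes before storing" routine (assumed here to be a plain str_replace of ' to &#039;, which is what the message describes) is run against the two ways of showing the value, and then contrasted with storing the text as entered and escaping it only when it is written into HTML. The code assumes PHP 7+ with the pdo_sqlite extension so it can run against an in-memory database; the description line and the address in it are constructed for the demo.

```php
<?php
// Added example, not code from the thread. Reproduces the double-escaping
// problem described in the message and the alternative of storing raw text.
// Assumes PHP 7+ with pdo_sqlite; the input line is constructed for the demo.

declare(strict_types=1);

// The quote-converting "algorithm" from the thread, as assumed here:
// it replaces the apostrophe with its numeric entity before the INSERT.
function convertQuotes(string $s): string
{
    return str_replace("'", '&#039;', $s);
}

// HTML escaping applied at the output boundary only. ENT_QUOTES so that
// the apostrophe is converted too, matching the thread's &#039; form.
function toHtml(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, description TEXT NOT NULL)');
$insert = $db->prepare('INSERT INTO notes (description) VALUES (:d)');
$select = $db->prepare('SELECT description FROM notes WHERE id = :id');

// Constructed input: contains both an apostrophe and an angle-bracketed address.
$input = "Edited by Bogdan's wife <wife@example.invalid>";

// --- The approach argued against: convert quotes, then store -------------
$insert->execute([':d' => convertQuotes($input)]);
$select->execute([':id' => 1]);
$stored = $select->fetchColumn();

// Option 1: echo the stored value as-is. The apostrophe renders, but a
// browser parses <wife@example.invalid> as a tag and the address vanishes.
$echoedRaw = $stored;

// Option 2: run htmlspecialchars() on output. The angle brackets are now
// safe, but the & of the stored &#039; is escaped a second time, so the
// page shows the literal characters &#039; instead of an apostrophe.
$escapedAgain = toHtml($stored);

// --- Store the text exactly as entered ------------------------------------
// The bound parameter lets the driver handle SQL quoting, so there is no
// need to touch the apostrophe before the INSERT.
$insert->execute([':d' => $input]);
$select->execute([':id' => 2]);
$rawStored = $select->fetchColumn();

// One escape, at the point where the value becomes HTML. Both the apostrophe
// and the address survive, and the raw column is still usable for plain-text
// output (mail, CSV, an API) without any un-escaping.
$html = toHtml($rawStored);

echo "stored after convertQuotes : $stored\n";
echo "  echoed raw              : $echoedRaw\n";
echo "  htmlspecialchars again  : $escapedAgain\n";
echo "stored raw                 : $rawStored\n";
echo "  htmlspecialchars once   : $html\n";
```

Run it with `php example.php` and compare the two "htmlspecialchars" lines: the first carries `&amp;#039;`, which a browser displays as the six characters `&#039;`, while the second carries `&#039;` and `&lt;`/`&gt;`, which display as the apostrophe and the address the user typed. The SQL quoting problem that the quote conversion was trying to solve is handled by the prepared statement instead, which is why the raw text can be stored unchanged.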