Bogdan Stancescu wrote:
> Ok, finally found a valid argument! :-)
>
> What if the user enters "I'm aware that 2>3!"?
>
> Bogdan

Tested it - it works. However, you'll have big problems if you ever need to echo the data. Consider this example:

Enter description: <input box>

The user enters "Edited by Bogdan's wife <[EMAIL PROTECTED]>". You now want to store this. You'll first use your algorithm to convert the ' into '. You store the result in the database.

Now you want to display this data. You retrieve "Edited by Bogdan's wife <[EMAIL PROTECTED]>" from the database. What next? You can't simply echo this because that would apparently omit "<[EMAIL PROTECTED]>". You can't htmlspecialchars() either because that would result in "Edited by Bogdan&#039;s wife <[EMAIL PROTECTED]>" which is not right.

So there, that's why you should store the text as everybody else does. :-)

Bogdan

--
PHP Database Mailing List (http://www.php.net/)
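
An added example (not part of the original post) that reproduces the display problem described above, assuming the conversion under discussion replaces ' with the entity &#039; before storage. The function names and the example.com address are constructed for illustration.

```php
<?php
// Constructed sample input; the address is a placeholder, not taken from the post.
$input = "Edited by Bogdan's wife <wife@example.com>";

// Approach A (assumed form of the conversion being discussed):
// entity-encode the apostrophe before the text is stored.
function encode_before_store(string $s): string
{
    return str_replace("'", '&#039;', $s);
}

// Approach B: store the text exactly as entered and escape it for HTML
// only at the moment it is written into a page.
function html_out(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Rough stand-in for what a browser shows: unknown tags vanish,
// then entities are decoded exactly once.
function visible_text(string $html): string
{
    return html_entity_decode(strip_tags($html), ENT_QUOTES, 'UTF-8');
}

// What ends up in the database under each approach. SQL quoting is a
// separate concern, handled by a bound parameter at insert time.
$storedA = encode_before_store($input);
$storedB = $input;

$cases = [
    'A, echoed as stored'     => $storedA,            // "<wife@...>" is parsed as a tag
    'A, htmlspecialchars()'   => html_out($storedA),  // the stored entity is encoded again
    'B, htmlspecialchars()'   => html_out($storedB),  // escaped once, at output
];

foreach ($cases as $label => $markup) {
    printf("%s\n  markup : %s\n  visible: %s\n  matches input: %s\n\n",
        $label,
        $markup,
        visible_text($markup),
        visible_text($markup) === $input ? 'yes' : 'no');
}
```

Only the third case displays the text as the user typed it, because the stored value carries no output-format encoding and is escaped exactly once for the HTML context.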