Bogdan Stancescu wrote:

> Ok, finally found a valid argument! :-)
>
> What if the user enters "I'm aware that 2>3!"?
>
> Bogdan

Tested it - it works. However, you'll have big problems if you ever need to
echo the data. Consider this example:

Enter description: <input box>

The user enters "Edited by Bogdan's wife <[EMAIL PROTECTED]>". You now want to store
this. You'll first use your algorithm to convert the ' into &#039;. You store
the result in the database.

Now you want to display this data. You retrieve "Edited by Bogdan&#039;s wife
<[EMAIL PROTECTED]>" from the database. What next? You can't simply echo this because
that would apparently omit "<[EMAIL PROTECTED]>". You can't htmlspecialchars() either
because that would result in "Edited by Bogdan&amp;#039;s wife
&lt;[EMAIL PROTECTED]&gt;" which is not right.

So there, that's why you should store the text as everybody else does. :-)

Bogdan
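
The two storage approaches compared in the message above, as an added PHP example that is not part of the original post. The helpers encode_quote_on_input() and html_out() are hypothetical names, and wife@example.test is a constructed placeholder standing in for the redacted address.

```php
<?php
// Constructed sample input; the address is a placeholder, not from the post.
$input = "Edited by Bogdan's wife <wife@example.test>";

// Hypothetical stand-in for the input-time algorithm discussed in the thread:
// it only turns ' into &#039; before the value is stored.
function encode_quote_on_input(string $s): string
{
    return str_replace("'", '&#039;', $s);
}

// Escape a value for an HTML text or quoted-attribute context at output time.
function html_out(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

$storedEncoded = encode_quote_on_input($input); // approach A: encode, then store
$storedRaw     = $input;                        // approach B: store as entered

// A1: echo the stored value unchanged. The < and > reach the browser as
// markup, so the address is parsed as a tag and vanishes from the page;
// any markup a user typed would be live in the document as well.
$a1 = $storedEncoded;

// A2: escape the stored value. The & of the stored entity is escaped a
// second time, so the reader sees the entity text instead of an apostrophe.
$a2 = html_out($storedEncoded);

// B: store raw and escape exactly once, at output. Every special character
// is encoded a single time and the text renders as the user typed it.
$b = html_out($storedRaw);

// Print the markup each approach sends to the browser.
foreach (['A1' => $a1, 'A2' => $a2, 'B' => $b] as $label => $markup) {
    echo $label, ': ', $markup, PHP_EOL;
}
```

Passing false as the fourth argument (double_encode) of htmlspecialchars() would hide the A2 symptom, but the stored value could then no longer distinguish a user who typed an apostrophe from one who typed the entity text itself.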



-- 
PHP Database Mailing List (http://www.php.net/)