** Reply to note from Bogdan Stancescu <[EMAIL PROTECTED]> Sat, 05 Jan 2002 05:39:46 +0200
> Bogdan Stancescu wrote:
> > Ok, finally found a valid argument! :-)
> >
> > What if the user enters "I'm aware that 2>3!"?
> >
> > Bogdan
> Tested it - it works. However, you'll have big problems if you'll ever need to
> echo the data. Consider this example:
> Enter description: <input box>
> The user enters "Edited by Bogdan's wife <[EMAIL PROTECTED]>". You now want to store
> this. You'll first use your algorithm to convert the ' into &#039;. You store
> the result in the database.
> Now you want to display this data. You retrieve "Edited by Bogdan&#039;s wife
> <[EMAIL PROTECTED]>" from the database. What next? You can't simply echo this because
> that would apparently omit "<[EMAIL PROTECTED]>". You can't htmlspecialchars() either
> because that would result in "Edited by Bogdan&amp;#039;s wife
> &lt;[EMAIL PROTECTED]&gt;" which is not right.
> So there, that's why you should store the text as everybody else does. :-)

Don't forget phpMyAdmin and any other programs that you might want to
access the database from (including the MySQL command line). They all
expect normal text.

If you haven't looked at phpMyAdmin, you should.

Rick Widmer
Internet Marketing Specialists

PHP Database Mailing List (http://www.php.net/)
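
The round trip discussed in this thread, as an added example that is not code from any of the posters. It compares entity-encoding before storage with storing the text unchanged and encoding only at output. The e-mail address is a constructed placeholder for the redacted one, the function names are hypothetical, and the database is stood in for by plain variables.

```php
<?php
// Constructed input modelled on the thread's example; the address is a placeholder.
$input = "Edited by Bogdan's wife <wife@example.com>";

// Approach questioned in the thread: entity-encode the quote before storing.
function store_pre_encoded(string $text): string
{
    return str_replace("'", "&#039;", $text);
}

// Conventional approach: store the text unchanged. SQL quoting or bound
// parameters belong to the database layer and are not shown here.
function store_raw(string $text): string
{
    return $text;
}

// Encode for HTML only at the point of output.
function html(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

$pre = store_pre_encoded($input);
$raw = store_raw($input);

$cases = [
    // The angle brackets reach the browser unencoded and are parsed as a tag.
    'pre-encoded, echoed as is'        => $pre,
    // The stored entity is encoded a second time and shows up literally.
    'pre-encoded, htmlspecialchars()'  => html($pre),
    // Quote and brackets are each encoded exactly once.
    'raw, htmlspecialchars()'          => html($raw),
    // What phpMyAdmin or the mysql command line would read from each column.
    'pre-encoded, seen by other tools' => $pre,
    'raw, seen by other tools'         => $raw,
];

foreach ($cases as $label => $out) {
    printf("%-34s %s\n", $label, $out);
}
```

Run it with the PHP command-line interpreter to compare the five lines; only the raw column gives correct results both in HTML and in non-HTML tools.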