Hello, I use mysql_real_escape_string() to escape data for db population.
ie. ..form.. <textarea><?PHP stripslashes($dbvar); ?></textarea> ..recieving form input before db update.. $var =mysql_real_escape_string($var); My question is regarding when wanting to allow HTML within a database... Will stripslashes also take out the slashes from something like this?: <span style="color:red;">some text</span> That would effectively negated the ability to use HTML/CSS in your db. If so, how do you get around this with safe data entry? TIA, Donovan -- D Brooke -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
