tedd wrote:
At 5:03 PM +0200 4/9/09, Jan G.B. wrote:


You might want to use htmlspecialchars($str, ENT_QUOTES)

OUT from db to html

and

mysql_real_escape_string(stripslashes($_POST['yourself']));


The above tells me that you probably need to look at your magic quotes setting.

Typically, you will want to disable magic quotes in your php.ini file / VirtualHost Block / or somewhere else. This setting tells PHP to automagically escape your GET/POST data when PHP receives it from the web server (Apache/IIS/etc...). I recommend turning it off, but making darn sure you sanitize all input to script from and outside source.


IN to db from html

Thanks, that worked.

Cheers,

tedd




--
Jim Lucas

   "Some men are born to greatness, some achieve greatness,
       and some have greatness thrust upon them."

Twelfth Night, Act II, Scene V
    by William Shakespeare

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to