Try looking at htmlspecialchars() and htmlentities() instead. They'll
convert things like < and > to &gt; and &lt; and ampersands to &amp;.
Leif K-Brooks wrote:
> I am going to use the following code. Can someone give me a second
> opinion on whether it will work?
> //Stop people from using &whatever; tags, in case they can smuggle
> $text = str_replace("&","&amp;",$text);
> //Stop the onmouseover, etc. parameters
> $text = eregi_replace("on","o-n",$text);
> $text = eregi_replace("script","sc-ript",$text);
> //Return the edited string
> return $text;
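The comparison suggested in the reply, as an added example that is not part of the original thread: the quoted substitution filter run next to htmlspecialchars() on constructed input. The function names and sample strings are assumptions made for illustration, and str_ireplace() stands in for eregi_replace(), which was removed in PHP 7.

```php
<?php
// Added example, not code from the thread.

// The quoted filter, with str_ireplace() standing in for eregi_replace().
// For these literal patterns the substitutions are the same.
function blacklist_filter(string $text): string
{
    $text = str_replace("&", "&amp;", $text);
    $text = str_ireplace("on", "o-n", $text);
    $text = str_ireplace("script", "sc-ript", $text);
    return $text;
}

// Output encoding: every character that is special in HTML text or in a
// quoted attribute value becomes an entity; ordinary words are untouched.
function escape_html(string $text): string
{
    // ENT_QUOTES encodes ' as well as ", ENT_SUBSTITUTE replaces invalid
    // byte sequences instead of returning an empty string.
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs.
$samples = [
    'See the description on Monday',
    'Tom & Jerry <b>bold</b>',
    'say "hi" & it\'s 1 < 2',
];

foreach ($samples as $s) {
    $filtered = blacklist_filter($s);
    $escaped  = escape_html($s);

    printf("input:     %s\n", $s);
    printf("blacklist: %s\n", $filtered);
    printf("escaped:   %s\n", $escaped);

    // Report whether any raw markup character survives each approach.
    printf("raw markup chars left: blacklist=%s escaped=%s\n\n",
        strpbrk($filtered, '<>"\'') === false ? 'no' : 'yes',
        strpbrk($escaped, '<>"\'') === false ? 'no' : 'yes');
}
```

The substitution filter rewrites ordinary words that happen to contain "on" or "script" and passes angle brackets and quotes through unchanged, while htmlspecialchars() leaves the words alone and encodes the markup characters.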