I would suggest you rather do the following ( over and above the 
htmlentities as already suggested )

In stead of doing
echo " <html with single='quotes'>";
to rather
echo '<html with double="quotes">';

The reason is; there is a difference between echo 'stuff' ; and echo 
The first (single quotes) is treated as literal content, ie, PHP justs 
echo's, does no parsing, while the double-quotes means PHP will look at 
the content between the quotes and parse any variables etc.
So, if you are not echoing anything that needs to be parsed, use single 

$var = 'testing';
echo '$var<br>';
echo "$var<br>";


It just saves on overhead, and in your case, you would not have run into 
this problem...

Mark Colvin wrote:

>Thank you for your reply. My magic_quotes_runtime is set to 'Off'. As you
>said, I shouldn't have to use StripSlashes but would I still need to use
>AddSlashes when inserting/updating? I can see the slashes in the database
>when I look at the tables but I am fairly sure that I do not add slashes
>twice? Are they being added automatically somewhere as a result of a setting
>in the php.ini file?
>With regards to my use of mysql_result as opposed to mysql_fetch_*
>functions, I was ignorant of the performance hit and I will now re think
>around my database code.
>This e-mail is intended for the recipient only and
>may contain confidential information. If you are
>not the intended recipient then you should reply
>to the sender and take no further ation based
>upon the content of the message.
>Internet e-mails are not necessarily secure and
>CCM Limited does not accept any responsibility
>for changes made to this message. 
>Although checks have been made to ensure this
>message and any attchments are free from viruses
>the recipient should ensure that this is the case.

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to