[snip]
While we are at it, let's not forget htmlspecialchars

<input name="cliemail" type="text" size="48" value="<?echo htmlspecialchars($clil); ?>" readonly>

skitum wrote:

>hey folks, don't forget quotes ;o)
>
><td><input value="<? echo $cost; ?>" name="txtSubTotalAmount" size="40"
>readonly></td>
[/snip]

Well now we have gone too far! :^]

In the original post the variable was $cost. But let's not forget addslashes() or stripslashes(), unless, of course, magicquotes is on, and then if register_globals is off then:

<input name="cliemail" type="text" size="48" value="<?echo htmlspecialchars($_POST['clil']); ?>" readonly>

or

<input name="cliemail" type="text" size="48" value="<?echo htmlspecialchars($_GET['clil']); ?>" readonly>

:^]

Jay
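
Added example, not part of the thread: the three variants the posters mention (raw value, addslashes(), htmlspecialchars() inside a quoted attribute) rendered side by side for the `cliemail` field. The helpers `attr()` and `render_input()` are hypothetical, and the sample value is constructed.

```php
<?php
// Added example, not code from the thread. attr() and render_input() are
// hypothetical helpers.

// Constructed sample value for the 'clil' field: it contains ", <, > and &.
$_POST['clil'] = '"Jay" <jay@example.com> & co';

// Escape for an HTML attribute. ENT_QUOTES encodes both " and ', so the value
// stays inside the attribute whichever quote character the template uses.
function attr(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

function render_input(string $name, string $value): string
{
    return '<input name="' . attr($name) . '" type="text" size="48" value="'
         . attr($value) . '" readonly>';
}

// register_globals off: read the request array explicitly.
$raw = isset($_POST['clil']) ? $_POST['clil'] : '';

// 1. Raw value: the first " in the data closes the attribute early.
echo '<input name="cliemail" type="text" size="48" value="' . $raw . '" readonly>' . "\n";

// 2. addslashes() is escaping for a different context; the browser does not
//    treat \" as an escaped quote, so the attribute still breaks.
echo '<input name="cliemail" type="text" size="48" value="' . addslashes($raw) . '" readonly>' . "\n";

// 3. htmlspecialchars() plus a quoted attribute: the value round-trips intact.
echo render_input('cliemail', $raw) . "\n";
```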