> I added the hidden field like so because I couldn't get "htmlentities"
> work:
> <input type="hidden" name="area_todelete" value="<?=$area_todelete?>">

Just hope that no one submits a $area_todelete with an " in it,
otherwise they will be able to inject any kind of HTML/Javascript/etc
they want into the resulting page.

---John Holmes...

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to