"Chris Shiflett" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > --- Cesar Aracena <[EMAIL PROTECTED]> wrote: > > When I make a form in a web site for a visitor to > > send me some comments, I use nl2br() to put things > > like line breaks and see what the visitor wants me > > to see. > > > > But what happens if I have a web form to input some > > text into a TEXT cell in MySQL and want to retrieve > > it like I wrote it? > > My advice is to store in MySQL exactly what the user types. > This way, you can decide when you retrieve this data > whether you want to display it on a page (in which case you > would use nl2br) or display it in a text field for editing > (in which case you would leave the data raw). > > Chris
Condier using mysql_escape_string() before inserting into your table to protect your database server from simple attacks g -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
